1 This is gnutls.info, produced by makeinfo version 4.13.90 from
4 This manual is last updated 6 January 2012 for version 2.12.20 of
7 Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
8 Free Software Foundation, Inc.
10 Permission is granted to copy, distribute and/or modify this
11 document under the terms of the GNU Free Documentation License,
12 Version 1.3 or any later version published by the Free Software
13 Foundation; with no Invariant Sections, no Front-Cover Texts, and
14 no Back-Cover Texts. A copy of the license is included in the
15 section entitled "GNU Free Documentation License".
16 INFO-DIR-SECTION Software libraries
18 * GnuTLS: (gnutls). GNU Transport Layer Security Library.
21 INFO-DIR-SECTION System Administration
23 * certtool: (gnutls)Invoking certtool. Manipulate certificates and keys.
24 * gnutls-serv: (gnutls)Invoking gnutls-serv. GnuTLS test server.
25 * gnutls-cli: (gnutls)Invoking gnutls-cli. GnuTLS test client.
26 * gnutls-cli-debug: (gnutls)Invoking gnutls-cli-debug. GnuTLS debug client.
27 * psktool: (gnutls)Invoking psktool. Simple TLS-Pre-Shared-Keys manager.
28 * srptool: (gnutls)Invoking srptool. Simple SRP password tool.
33 File: gnutls.info, Node: GnuTLS-extra functions, Next: OpenPGP functions, Prev: X.509 certificate functions, Up: Function reference
35 9.3 GnuTLS-extra Functions
36 ==========================
38 These functions are only available in the GPLv3+ version of the library
39 called 'gnutls-extra'. The prototypes for this library lie in
42 gnutls_extra_check_version
43 --------------------------
45 -- Function: const char * gnutls_extra_check_version (const char *
47 REQ_VERSION: version string to compare with, or 'NULL'.
49 Check GnuTLS Extra Library version.
51 See 'GNUTLS_EXTRA_VERSION' for a suitable 'req_version' string.
53 *Return value:* Check that the version of the library is at minimum
54 the one given as a string in 'req_version' and return the actual
55 version string of the library; return 'NULL' if the condition is
56 not met. If 'NULL' is passed to this function no check is done and
57 only the version string is returned.
59 gnutls_global_init_extra
60 ------------------------
62 -- Function: int gnutls_global_init_extra ( VOID)
64 This function initializes the global state of gnutls-extra library
67 Note that 'gnutls_global_init()' has to be called before this
68 function. If this function is not called then the gnutls-extra
69 library will not be usable.
71 This function is not thread safe, see the discussion for
72 'gnutls_global_init()' on how to deal with that.
74 *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
75 otherwise an error code is returned.
78 File: gnutls.info, Node: OpenPGP functions, Next: TLS Inner Application (TLS/IA) functions, Prev: GnuTLS-extra functions, Up: Function reference
83 The following functions are to be used for OpenPGP certificate handling.
84 Their prototypes lie in 'gnutls/openpgp.h'.
86 gnutls_certificate_set_openpgp_key_file2
87 ----------------------------------------
89 -- Function: int gnutls_certificate_set_openpgp_key_file2
90 (gnutls_certificate_credentials_t RES, const char * CERTFILE,
91 const char * KEYFILE, const char * SUBKEY_ID,
92 gnutls_openpgp_crt_fmt_t FORMAT)
93 RES: the destination context to save the data.
95 CERTFILE: the file that contains the public key.
97 KEYFILE: the file that contains the secret key.
99 SUBKEY_ID: a hex encoded subkey id
101 FORMAT: the format of the keys
103 This funtion is used to load OpenPGP keys into the GnuTLS
104 credential structure. The file should contain at least one valid
105 non encrypted subkey.
107 The special keyword "auto" is also accepted as 'subkey_id'. In
108 that case the 'gnutls_openpgp_crt_get_auth_subkey()' will be used
109 to retrieve the subkey.
111 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
112 negative error value.
116 gnutls_certificate_set_openpgp_key_file
117 ---------------------------------------
119 -- Function: int gnutls_certificate_set_openpgp_key_file
120 (gnutls_certificate_credentials_t RES, const char * CERTFILE,
121 const char * KEYFILE, gnutls_openpgp_crt_fmt_t FORMAT)
122 RES: the destination context to save the data.
124 CERTFILE: the file that contains the public key.
126 KEYFILE: the file that contains the secret key.
128 FORMAT: the format of the keys
130 This funtion is used to load OpenPGP keys into the GnuTLS
131 credentials structure. The file should contain at least one valid
132 non encrypted subkey.
134 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
135 negative error value.
137 gnutls_certificate_set_openpgp_key_mem2
138 ---------------------------------------
140 -- Function: int gnutls_certificate_set_openpgp_key_mem2
141 (gnutls_certificate_credentials_t RES, const gnutls_datum_t *
142 CERT, const gnutls_datum_t * KEY, const char * SUBKEY_ID,
143 gnutls_openpgp_crt_fmt_t FORMAT)
144 RES: the destination context to save the data.
146 CERT: the datum that contains the public key.
148 KEY: the datum that contains the secret key.
150 SUBKEY_ID: a hex encoded subkey id
152 FORMAT: the format of the keys
154 This funtion is used to load OpenPGP keys into the GnuTLS
155 credentials structure. The datum should contain at least one valid
156 non encrypted subkey.
158 The special keyword "auto" is also accepted as 'subkey_id'. In
159 that case the 'gnutls_openpgp_crt_get_auth_subkey()' will be used
160 to retrieve the subkey.
162 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
163 negative error value.
167 gnutls_certificate_set_openpgp_key_mem
168 --------------------------------------
170 -- Function: int gnutls_certificate_set_openpgp_key_mem
171 (gnutls_certificate_credentials_t RES, const gnutls_datum_t *
172 CERT, const gnutls_datum_t * KEY, gnutls_openpgp_crt_fmt_t
174 RES: the destination context to save the data.
176 CERT: the datum that contains the public key.
178 KEY: the datum that contains the secret key.
180 FORMAT: the format of the keys
182 This funtion is used to load OpenPGP keys into the GnuTLS
183 credential structure. The datum should contain at least one valid
184 non encrypted subkey.
186 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
187 negative error value.
189 gnutls_certificate_set_openpgp_keyring_file
190 -------------------------------------------
192 -- Function: int gnutls_certificate_set_openpgp_keyring_file
193 (gnutls_certificate_credentials_t C, const char * FILE,
194 gnutls_openpgp_crt_fmt_t FORMAT)
195 C: A certificate credentials structure
197 FILE: filename of the keyring.
199 FORMAT: format of keyring.
201 The function is used to set keyrings that will be used internally
202 by various OpenPGP functions. For example to find a key when it is
203 needed for an operations. The keyring will also be used at the
204 verification functions.
206 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
207 negative error value.
209 gnutls_certificate_set_openpgp_keyring_mem
210 ------------------------------------------
212 -- Function: int gnutls_certificate_set_openpgp_keyring_mem
213 (gnutls_certificate_credentials_t C, const opaque * DATA,
214 size_t DLEN, gnutls_openpgp_crt_fmt_t FORMAT)
215 C: A certificate credentials structure
217 DATA: buffer with keyring data.
219 DLEN: length of data buffer.
221 FORMAT: the format of the keyring
223 The function is used to set keyrings that will be used internally
224 by various OpenPGP functions. For example to find a key when it is
225 needed for an operations. The keyring will also be used at the
226 verification functions.
228 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
229 negative error value.
231 gnutls_certificate_set_openpgp_key
232 ----------------------------------
234 -- Function: int gnutls_certificate_set_openpgp_key
235 (gnutls_certificate_credentials_t RES, gnutls_openpgp_crt_t
236 CRT, gnutls_openpgp_privkey_t PKEY)
237 RES: is a 'gnutls_certificate_credentials_t' structure.
239 PKEY: is an openpgp private key
241 This function sets a certificate/private key pair in the
242 gnutls_certificate_credentials_t structure. This function may be
243 called more than once (in case multiple keys/certificates exist for
246 Note that this function requires that the preferred key ids have
247 been set and be used. See
248 'gnutls_openpgp_crt_set_preferred_key_id()'. Otherwise the master
251 *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
252 otherwise an error code is returned.
254 gnutls_openpgp_crt_check_hostname
255 ---------------------------------
257 -- Function: int gnutls_openpgp_crt_check_hostname
258 (gnutls_openpgp_crt_t KEY, const char * HOSTNAME)
259 KEY: should contain a 'gnutls_openpgp_crt_t' structure
261 HOSTNAME: A null terminated string that contains a DNS name
263 This function will check if the given key's owner matches the given
264 hostname. This is a basic implementation of the matching described
265 in RFC2818 (HTTPS), which takes into account wildcards.
267 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
269 gnutls_openpgp_crt_deinit
270 -------------------------
272 -- Function: void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t KEY)
273 KEY: The structure to be initialized
275 This function will deinitialize a key structure.
277 gnutls_openpgp_crt_export
278 -------------------------
280 -- Function: int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t KEY,
281 gnutls_openpgp_crt_fmt_t FORMAT, void * OUTPUT_DATA, size_t *
285 FORMAT: One of gnutls_openpgp_crt_fmt_t elements.
287 OUTPUT_DATA: will contain the key base64 encoded or raw
289 OUTPUT_DATA_SIZE: holds the size of output_data (and will be
290 replaced by the actual size of parameters)
292 This function will convert the given key to RAW or Base64 format.
293 If the buffer provided is not long enough to hold the output, then
294 'GNUTLS_E_SHORT_MEMORY_BUFFER' will be returned.
296 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
298 gnutls_openpgp_crt_get_auth_subkey
299 ----------------------------------
301 -- Function: int gnutls_openpgp_crt_get_auth_subkey
302 (gnutls_openpgp_crt_t CRT, gnutls_openpgp_keyid_t KEYID,
304 CRT: the structure that contains the OpenPGP public key.
306 KEYID: the struct to save the keyid.
308 FLAG: Non zero indicates that a valid subkey is always returned.
310 Returns the 64-bit keyID of the first valid OpenPGP subkey marked
311 for authentication. If flag is non zero and no authentication
312 subkey exists, then a valid subkey will be returned even if it is
313 not marked for authentication. Returns the 64-bit keyID of the
314 first valid OpenPGP subkey marked for authentication. If flag is
315 non zero and no authentication subkey exists, then a valid subkey
316 will be returned even if it is not marked for authentication.
318 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
320 gnutls_openpgp_crt_get_creation_time
321 ------------------------------------
323 -- Function: time_t gnutls_openpgp_crt_get_creation_time
324 (gnutls_openpgp_crt_t KEY)
325 KEY: the structure that contains the OpenPGP public key.
327 Get key creation time.
329 *Returns:* the timestamp when the OpenPGP key was created.
331 gnutls_openpgp_crt_get_expiration_time
332 --------------------------------------
334 -- Function: time_t gnutls_openpgp_crt_get_expiration_time
335 (gnutls_openpgp_crt_t KEY)
336 KEY: the structure that contains the OpenPGP public key.
338 Get key expiration time. A value of '0' means that the key doesn't
341 *Returns:* the time when the OpenPGP key expires.
343 gnutls_openpgp_crt_get_fingerprint
344 ----------------------------------
346 -- Function: int gnutls_openpgp_crt_get_fingerprint
347 (gnutls_openpgp_crt_t KEY, void * FPR, size_t * FPRLEN)
348 KEY: the raw data that contains the OpenPGP public key.
350 FPR: the buffer to save the fingerprint, must hold at least 20
353 FPRLEN: the integer to save the length of the fingerprint.
355 Get key fingerprint. Depending on the algorithm, the fingerprint
356 can be 16 or 20 bytes.
358 *Returns:* On success, 0 is returned. Otherwise, an error code.
360 gnutls_openpgp_crt_get_key_id
361 -----------------------------
363 -- Function: int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t
364 KEY, gnutls_openpgp_keyid_t KEYID)
365 KEY: the structure that contains the OpenPGP public key.
367 KEYID: the buffer to save the keyid.
371 *Returns:* the 64-bit keyID of the OpenPGP key.
375 gnutls_openpgp_crt_get_key_usage
376 --------------------------------
378 -- Function: int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t
379 KEY, unsigned int * KEY_USAGE)
380 KEY: should contain a gnutls_openpgp_crt_t structure
382 KEY_USAGE: where the key usage bits will be stored
384 This function will return certificate's key usage, by checking the
385 key algorithm. The key usage value will ORed values of the:
386 'GNUTLS_KEY_DIGITAL_SIGNATURE', 'GNUTLS_KEY_KEY_ENCIPHERMENT'.
388 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
390 gnutls_openpgp_crt_get_name
391 ---------------------------
393 -- Function: int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t KEY,
394 int IDX, char * BUF, size_t * SIZEOF_BUF)
395 KEY: the structure that contains the OpenPGP public key.
397 IDX: the index of the ID to extract
399 BUF: a pointer to a structure to hold the name, may be 'NULL' to
400 only get the 'sizeof_buf'.
402 SIZEOF_BUF: holds the maximum size of 'buf', on return hold the
403 actual/required size of 'buf'.
405 Extracts the userID from the parsed OpenPGP key.
407 *Returns:* 'GNUTLS_E_SUCCESS' on success, and if the index of the
408 ID does not exist 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE', or an
411 gnutls_openpgp_crt_get_pk_algorithm
412 -----------------------------------
414 -- Function: gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm
415 (gnutls_openpgp_crt_t KEY, unsigned int * BITS)
416 KEY: is an OpenPGP key
418 BITS: if bits is non null it will hold the size of the parameters'
421 This function will return the public key algorithm of an OpenPGP
424 If bits is non null, it should have enough size to hold the
425 parameters size in bits. For RSA the bits returned is the modulus.
426 For DSA the bits returned are of the public exponent.
428 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
429 success, or GNUTLS_PK_UNKNOWN on error.
431 gnutls_openpgp_crt_get_pk_dsa_raw
432 ---------------------------------
434 -- Function: int gnutls_openpgp_crt_get_pk_dsa_raw
435 (gnutls_openpgp_crt_t CRT, gnutls_datum_t * P, gnutls_datum_t
436 * Q, gnutls_datum_t * G, gnutls_datum_t * Y)
437 CRT: Holds the certificate
447 This function will export the DSA public key's parameters found in
448 the given certificate. The new parameters will be allocated using
449 'gnutls_malloc()' and will be stored in the appropriate datum.
451 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
455 gnutls_openpgp_crt_get_pk_rsa_raw
456 ---------------------------------
458 -- Function: int gnutls_openpgp_crt_get_pk_rsa_raw
459 (gnutls_openpgp_crt_t CRT, gnutls_datum_t * M, gnutls_datum_t
461 CRT: Holds the certificate
463 M: will hold the modulus
465 E: will hold the public exponent
467 This function will export the RSA public key's parameters found in
468 the given structure. The new parameters will be allocated using
469 'gnutls_malloc()' and will be stored in the appropriate datum.
471 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
475 gnutls_openpgp_crt_get_preferred_key_id
476 ---------------------------------------
478 -- Function: int gnutls_openpgp_crt_get_preferred_key_id
479 (gnutls_openpgp_crt_t KEY, gnutls_openpgp_keyid_t KEYID)
480 KEY: the structure that contains the OpenPGP public key.
482 KEYID: the struct to save the keyid.
484 Get preferred key id. If it hasn't been set it returns
485 'GNUTLS_E_INVALID_REQUEST'.
487 *Returns:* the 64-bit preferred keyID of the OpenPGP key.
489 gnutls_openpgp_crt_get_revoked_status
490 -------------------------------------
492 -- Function: int gnutls_openpgp_crt_get_revoked_status
493 (gnutls_openpgp_crt_t KEY)
494 KEY: the structure that contains the OpenPGP public key.
496 Get revocation status of key.
498 *Returns:* true (1) if the key has been revoked, or false (0) if it
503 gnutls_openpgp_crt_get_subkey_count
504 -----------------------------------
506 -- Function: int gnutls_openpgp_crt_get_subkey_count
507 (gnutls_openpgp_crt_t KEY)
508 KEY: is an OpenPGP key
510 This function will return the number of subkeys present in the
511 given OpenPGP certificate.
513 *Returns:* the number of subkeys, or a negative value on error.
517 gnutls_openpgp_crt_get_subkey_creation_time
518 -------------------------------------------
520 -- Function: time_t gnutls_openpgp_crt_get_subkey_creation_time
521 (gnutls_openpgp_crt_t KEY, unsigned int IDX)
522 KEY: the structure that contains the OpenPGP public key.
524 IDX: the subkey index
526 Get subkey creation time.
528 *Returns:* the timestamp when the OpenPGP sub-key was created.
532 gnutls_openpgp_crt_get_subkey_expiration_time
533 ---------------------------------------------
535 -- Function: time_t gnutls_openpgp_crt_get_subkey_expiration_time
536 (gnutls_openpgp_crt_t KEY, unsigned int IDX)
537 KEY: the structure that contains the OpenPGP public key.
539 IDX: the subkey index
541 Get subkey expiration time. A value of '0' means that the key
542 doesn't expire at all.
544 *Returns:* the time when the OpenPGP key expires.
548 gnutls_openpgp_crt_get_subkey_fingerprint
549 -----------------------------------------
551 -- Function: int gnutls_openpgp_crt_get_subkey_fingerprint
552 (gnutls_openpgp_crt_t KEY, unsigned int IDX, void * FPR,
554 KEY: the raw data that contains the OpenPGP public key.
556 IDX: the subkey index
558 FPR: the buffer to save the fingerprint, must hold at least 20
561 FPRLEN: the integer to save the length of the fingerprint.
563 Get key fingerprint of a subkey. Depending on the algorithm, the
564 fingerprint can be 16 or 20 bytes.
566 *Returns:* On success, 0 is returned. Otherwise, an error code.
570 gnutls_openpgp_crt_get_subkey_idx
571 ---------------------------------
573 -- Function: int gnutls_openpgp_crt_get_subkey_idx
574 (gnutls_openpgp_crt_t KEY, const gnutls_openpgp_keyid_t KEYID)
575 KEY: the structure that contains the OpenPGP public key.
581 *Returns:* the index of the subkey or a negative error value.
585 gnutls_openpgp_crt_get_subkey_id
586 --------------------------------
588 -- Function: int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t
589 KEY, unsigned int IDX, gnutls_openpgp_keyid_t KEYID)
590 KEY: the structure that contains the OpenPGP public key.
592 IDX: the subkey index
594 KEYID: the buffer to save the keyid.
596 Get the subkey's key-id.
598 *Returns:* the 64-bit keyID of the OpenPGP key.
600 gnutls_openpgp_crt_get_subkey_pk_algorithm
601 ------------------------------------------
603 -- Function: gnutls_pk_algorithm_t
604 gnutls_openpgp_crt_get_subkey_pk_algorithm
605 (gnutls_openpgp_crt_t KEY, unsigned int IDX, unsigned int *
607 KEY: is an OpenPGP key
609 IDX: is the subkey index
611 BITS: if bits is non null it will hold the size of the parameters'
614 This function will return the public key algorithm of a subkey of
615 an OpenPGP certificate.
617 If bits is non null, it should have enough size to hold the
618 parameters size in bits. For RSA the bits returned is the modulus.
619 For DSA the bits returned are of the public exponent.
621 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
622 success, or GNUTLS_PK_UNKNOWN on error.
626 gnutls_openpgp_crt_get_subkey_pk_dsa_raw
627 ----------------------------------------
629 -- Function: int gnutls_openpgp_crt_get_subkey_pk_dsa_raw
630 (gnutls_openpgp_crt_t CRT, unsigned int IDX, gnutls_datum_t *
631 P, gnutls_datum_t * Q, gnutls_datum_t * G, gnutls_datum_t * Y)
632 CRT: Holds the certificate
634 IDX: Is the subkey index
644 This function will export the DSA public key's parameters found in
645 the given certificate. The new parameters will be allocated using
646 'gnutls_malloc()' and will be stored in the appropriate datum.
648 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
652 gnutls_openpgp_crt_get_subkey_pk_rsa_raw
653 ----------------------------------------
655 -- Function: int gnutls_openpgp_crt_get_subkey_pk_rsa_raw
656 (gnutls_openpgp_crt_t CRT, unsigned int IDX, gnutls_datum_t *
657 M, gnutls_datum_t * E)
658 CRT: Holds the certificate
660 IDX: Is the subkey index
662 M: will hold the modulus
664 E: will hold the public exponent
666 This function will export the RSA public key's parameters found in
667 the given structure. The new parameters will be allocated using
668 'gnutls_malloc()' and will be stored in the appropriate datum.
670 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
674 gnutls_openpgp_crt_get_subkey_revoked_status
675 --------------------------------------------
677 -- Function: int gnutls_openpgp_crt_get_subkey_revoked_status
678 (gnutls_openpgp_crt_t KEY, unsigned int IDX)
679 KEY: the structure that contains the OpenPGP public key.
681 IDX: is the subkey index
683 Get subkey revocation status. A negative value indicates an error.
685 *Returns:* true (1) if the key has been revoked, or false (0) if it
690 gnutls_openpgp_crt_get_subkey_usage
691 -----------------------------------
693 -- Function: int gnutls_openpgp_crt_get_subkey_usage
694 (gnutls_openpgp_crt_t KEY, unsigned int IDX, unsigned int *
696 KEY: should contain a gnutls_openpgp_crt_t structure
698 IDX: the subkey index
700 KEY_USAGE: where the key usage bits will be stored
702 This function will return certificate's key usage, by checking the
703 key algorithm. The key usage value will ORed values of
704 'GNUTLS_KEY_DIGITAL_SIGNATURE' or 'GNUTLS_KEY_KEY_ENCIPHERMENT'.
706 A negative value may be returned in case of parsing error.
708 *Returns:* key usage value.
712 gnutls_openpgp_crt_get_version
713 ------------------------------
715 -- Function: int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t
717 KEY: the structure that contains the OpenPGP public key.
719 Extract the version of the OpenPGP key.
721 *Returns:* the version number is returned, or a negative value on
724 gnutls_openpgp_crt_import
725 -------------------------
727 -- Function: int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t KEY,
728 const gnutls_datum_t * DATA, gnutls_openpgp_crt_fmt_t FORMAT)
729 KEY: The structure to store the parsed key.
731 DATA: The RAW or BASE64 encoded key.
733 FORMAT: One of gnutls_openpgp_crt_fmt_t elements.
735 This function will convert the given RAW or Base64 encoded key to
736 the native 'gnutls_openpgp_crt_t' format. The output will be
739 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
741 gnutls_openpgp_crt_init
742 -----------------------
744 -- Function: int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * KEY)
745 KEY: The structure to be initialized
747 This function will initialize an OpenPGP key structure.
749 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
751 gnutls_openpgp_crt_print
752 ------------------------
754 -- Function: int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t CERT,
755 gnutls_certificate_print_formats_t FORMAT, gnutls_datum_t *
757 CERT: The structure to be printed
759 FORMAT: Indicate the format to use
761 OUT: Newly allocated datum with zero terminated string.
763 This function will pretty print an OpenPGP certificate, suitable
764 for display to a human.
766 The format should be zero for future compatibility.
768 The output 'out' needs to be deallocate using 'gnutls_free()'.
770 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
772 gnutls_openpgp_crt_set_preferred_key_id
773 ---------------------------------------
775 -- Function: int gnutls_openpgp_crt_set_preferred_key_id
776 (gnutls_openpgp_crt_t KEY, const gnutls_openpgp_keyid_t KEYID)
777 KEY: the structure that contains the OpenPGP public key.
779 KEYID: the selected keyid
781 This allows setting a preferred key id for the given certificate.
782 This key will be used by functions that involve key handling.
784 *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
785 otherwise an error code is returned.
787 gnutls_openpgp_crt_verify_ring
788 ------------------------------
790 -- Function: int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t
791 KEY, gnutls_openpgp_keyring_t KEYRING, unsigned int FLAGS,
792 unsigned int * VERIFY)
793 KEY: the structure that holds the key.
795 KEYRING: holds the keyring to check against
797 FLAGS: unused (should be 0)
799 VERIFY: will hold the certificate verification output.
801 Verify all signatures in the key, using the given set of keys
804 The key verification output will be put in 'verify' and will be one
805 or more of the 'gnutls_certificate_status_t' enumerated elements
808 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
810 gnutls_openpgp_crt_verify_self
811 ------------------------------
813 -- Function: int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t
814 KEY, unsigned int FLAGS, unsigned int * VERIFY)
815 KEY: the structure that holds the key.
817 FLAGS: unused (should be 0)
819 VERIFY: will hold the key verification output.
821 Verifies the self signature in the key. The key verification
822 output will be put in 'verify' and will be one or more of the
823 gnutls_certificate_status_t enumerated elements bitwise or'd.
825 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
827 gnutls_openpgp_keyring_check_id
828 -------------------------------
830 -- Function: int gnutls_openpgp_keyring_check_id
831 (gnutls_openpgp_keyring_t RING, const gnutls_openpgp_keyid_t
832 KEYID, unsigned int FLAGS)
833 RING: holds the keyring to check against
835 KEYID: will hold the keyid to check for.
837 FLAGS: unused (should be 0)
839 Check if a given key ID exists in the keyring.
841 *Returns:* 'GNUTLS_E_SUCCESS' on success (if keyid exists) and a
842 negative error code on failure.
844 gnutls_openpgp_keyring_deinit
845 -----------------------------
847 -- Function: void gnutls_openpgp_keyring_deinit
848 (gnutls_openpgp_keyring_t KEYRING)
849 KEYRING: The structure to be initialized
851 This function will deinitialize a keyring structure.
853 gnutls_openpgp_keyring_get_crt_count
854 ------------------------------------
856 -- Function: int gnutls_openpgp_keyring_get_crt_count
857 (gnutls_openpgp_keyring_t RING)
858 RING: is an OpenPGP key ring
860 This function will return the number of OpenPGP certificates
861 present in the given keyring.
863 *Returns:* the number of subkeys, or a negative value on error.
865 gnutls_openpgp_keyring_get_crt
866 ------------------------------
868 -- Function: int gnutls_openpgp_keyring_get_crt
869 (gnutls_openpgp_keyring_t RING, unsigned int IDX,
870 gnutls_openpgp_crt_t * CERT)
871 RING: Holds the keyring.
873 IDX: the index of the certificate to export
875 CERT: An uninitialized 'gnutls_openpgp_crt_t' structure
877 This function will extract an OpenPGP certificate from the given
878 keyring. If the index given is out of range
879 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned. The
880 returned structure needs to be deinited.
882 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
884 gnutls_openpgp_keyring_import
885 -----------------------------
887 -- Function: int gnutls_openpgp_keyring_import
888 (gnutls_openpgp_keyring_t KEYRING, const gnutls_datum_t *
889 DATA, gnutls_openpgp_crt_fmt_t FORMAT)
890 KEYRING: The structure to store the parsed key.
892 DATA: The RAW or BASE64 encoded keyring.
894 FORMAT: One of 'gnutls_openpgp_keyring_fmt' elements.
896 This function will convert the given RAW or Base64 encoded keyring
897 to the native 'gnutls_openpgp_keyring_t' format. The output will
898 be stored in 'keyring'.
900 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
902 gnutls_openpgp_keyring_init
903 ---------------------------
905 -- Function: int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t
907 KEYRING: The structure to be initialized
909 This function will initialize an keyring structure.
911 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
913 gnutls_openpgp_privkey_deinit
914 -----------------------------
916 -- Function: void gnutls_openpgp_privkey_deinit
917 (gnutls_openpgp_privkey_t KEY)
918 KEY: The structure to be initialized
920 This function will deinitialize a key structure.
922 gnutls_openpgp_privkey_export_dsa_raw
923 -------------------------------------
925 -- Function: int gnutls_openpgp_privkey_export_dsa_raw
926 (gnutls_openpgp_privkey_t PKEY, gnutls_datum_t * P,
927 gnutls_datum_t * Q, gnutls_datum_t * G, gnutls_datum_t * Y,
929 PKEY: Holds the certificate
941 This function will export the DSA private key's parameters found in
942 the given certificate. The new parameters will be allocated using
943 'gnutls_malloc()' and will be stored in the appropriate datum.
945 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
949 gnutls_openpgp_privkey_export_rsa_raw
950 -------------------------------------
952 -- Function: int gnutls_openpgp_privkey_export_rsa_raw
953 (gnutls_openpgp_privkey_t PKEY, gnutls_datum_t * M,
954 gnutls_datum_t * E, gnutls_datum_t * D, gnutls_datum_t * P,
955 gnutls_datum_t * Q, gnutls_datum_t * U)
956 PKEY: Holds the certificate
958 M: will hold the modulus
960 E: will hold the public exponent
962 D: will hold the private exponent
964 P: will hold the first prime (p)
966 Q: will hold the second prime (q)
968 U: will hold the coefficient
970 This function will export the RSA private key's parameters found in
971 the given structure. The new parameters will be allocated using
972 'gnutls_malloc()' and will be stored in the appropriate datum.
974 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
978 gnutls_openpgp_privkey_export_subkey_dsa_raw
979 --------------------------------------------
981 -- Function: int gnutls_openpgp_privkey_export_subkey_dsa_raw
982 (gnutls_openpgp_privkey_t PKEY, unsigned int IDX,
983 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * G,
984 gnutls_datum_t * Y, gnutls_datum_t * X)
985 PKEY: Holds the certificate
987 IDX: Is the subkey index
999 This function will export the DSA private key's parameters found in
1000 the given certificate. The new parameters will be allocated using
1001 'gnutls_malloc()' and will be stored in the appropriate datum.
1003 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
1007 gnutls_openpgp_privkey_export_subkey_rsa_raw
1008 --------------------------------------------
1010 -- Function: int gnutls_openpgp_privkey_export_subkey_rsa_raw
1011 (gnutls_openpgp_privkey_t PKEY, unsigned int IDX,
1012 gnutls_datum_t * M, gnutls_datum_t * E, gnutls_datum_t * D,
1013 gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * U)
1014 PKEY: Holds the certificate
1016 IDX: Is the subkey index
1018 M: will hold the modulus
1020 E: will hold the public exponent
1022 D: will hold the private exponent
1024 P: will hold the first prime (p)
1026 Q: will hold the second prime (q)
1028 U: will hold the coefficient
1030 This function will export the RSA private key's parameters found in
1031 the given structure. The new parameters will be allocated using
1032 'gnutls_malloc()' and will be stored in the appropriate datum.
1034 *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.
1038 gnutls_openpgp_privkey_export
1039 -----------------------------
1041 -- Function: int gnutls_openpgp_privkey_export
1042 (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_crt_fmt_t
1043 FORMAT, const char * PASSWORD, unsigned int FLAGS, void *
1044 OUTPUT_DATA, size_t * OUTPUT_DATA_SIZE)
1047 FORMAT: One of gnutls_openpgp_crt_fmt_t elements.
1049 PASSWORD: the password that will be used to encrypt the key.
1052 FLAGS: zero for future compatibility
1054 OUTPUT_DATA: will contain the key base64 encoded or raw
1056 OUTPUT_DATA_SIZE: holds the size of output_data (and will be
1057 replaced by the actual size of parameters)
1059 This function will convert the given key to RAW or Base64 format.
1060 If the buffer provided is not long enough to hold the output, then
1061 GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
1063 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
1067 gnutls_openpgp_privkey_get_fingerprint
1068 --------------------------------------
1070 -- Function: int gnutls_openpgp_privkey_get_fingerprint
1071 (gnutls_openpgp_privkey_t KEY, void * FPR, size_t * FPRLEN)
1072 KEY: the raw data that contains the OpenPGP secret key.
1074 FPR: the buffer to save the fingerprint, must hold at least 20
1077 FPRLEN: the integer to save the length of the fingerprint.
1079 Get the fingerprint of the OpenPGP key. Depends on the algorithm,
1080 the fingerprint can be 16 or 20 bytes.
1082 *Returns:* On success, 0 is returned, or an error code.
1086 gnutls_openpgp_privkey_get_key_id
1087 ---------------------------------
1089 -- Function: int gnutls_openpgp_privkey_get_key_id
1090 (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_keyid_t KEYID)
1091 KEY: the structure that contains the OpenPGP secret key.
1093 KEYID: the buffer to save the keyid.
1097 *Returns:* the 64-bit keyID of the OpenPGP key.
1101 gnutls_openpgp_privkey_get_pk_algorithm
1102 ---------------------------------------
1104 -- Function: gnutls_pk_algorithm_t
1105 gnutls_openpgp_privkey_get_pk_algorithm
1106 (gnutls_openpgp_privkey_t KEY, unsigned int * BITS)
1107 KEY: is an OpenPGP key
1109 BITS: if bits is non null it will hold the size of the parameters'
1112 This function will return the public key algorithm of an OpenPGP
1115 If bits is non null, it should have enough size to hold the
1116 parameters size in bits. For RSA the bits returned is the modulus.
1117 For DSA the bits returned are of the public exponent.
1119 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
1120 success, or a negative value on error.
1124 gnutls_openpgp_privkey_get_preferred_key_id
1125 -------------------------------------------
1127 -- Function: int gnutls_openpgp_privkey_get_preferred_key_id
1128 (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_keyid_t KEYID)
1129 KEY: the structure that contains the OpenPGP public key.
1131 KEYID: the struct to save the keyid.
1133 Get the preferred key-id for the key.
1135 *Returns:* the 64-bit preferred keyID of the OpenPGP key, or if it
1136 hasn't been set it returns 'GNUTLS_E_INVALID_REQUEST'.
1138 gnutls_openpgp_privkey_get_revoked_status
1139 -----------------------------------------
1141 -- Function: int gnutls_openpgp_privkey_get_revoked_status
1142 (gnutls_openpgp_privkey_t KEY)
1143 KEY: the structure that contains the OpenPGP private key.
1145 Get revocation status of key.
1147 *Returns:* true (1) if the key has been revoked, or false (0) if it
1148 has not, or a negative value indicates an error.
1152 gnutls_openpgp_privkey_get_subkey_count
1153 ---------------------------------------
1155 -- Function: int gnutls_openpgp_privkey_get_subkey_count
1156 (gnutls_openpgp_privkey_t KEY)
1157 KEY: is an OpenPGP key
1159 This function will return the number of subkeys present in the
1160 given OpenPGP certificate.
1162 *Returns:* the number of subkeys, or a negative value on error.
1166 gnutls_openpgp_privkey_get_subkey_creation_time
1167 -----------------------------------------------
1169 -- Function: time_t gnutls_openpgp_privkey_get_subkey_creation_time
1170 (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
1171 KEY: the structure that contains the OpenPGP private key.
1173 IDX: the subkey index
1175 Get subkey creation time.
1177 *Returns:* the timestamp when the OpenPGP key was created.
1181 gnutls_openpgp_privkey_get_subkey_expiration_time
1182 -------------------------------------------------
1184 -- Function: time_t gnutls_openpgp_privkey_get_subkey_expiration_time
1185 (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
1186 KEY: the structure that contains the OpenPGP private key.
1188 IDX: the subkey index
1190 Get subkey expiration time. A value of '0' means that the key
1191 doesn't expire at all.
1193 *Returns:* the time when the OpenPGP key expires.
1197 gnutls_openpgp_privkey_get_subkey_fingerprint
1198 ---------------------------------------------
1200 -- Function: int gnutls_openpgp_privkey_get_subkey_fingerprint
1201 (gnutls_openpgp_privkey_t KEY, unsigned int IDX, void * FPR,
1203 KEY: the raw data that contains the OpenPGP secret key.
1205 IDX: the subkey index
1207 FPR: the buffer to save the fingerprint, must hold at least 20
1210 FPRLEN: the integer to save the length of the fingerprint.
1212 Get the fingerprint of an OpenPGP subkey. Depends on the
1213 algorithm, the fingerprint can be 16 or 20 bytes.
1215 *Returns:* On success, 0 is returned, or an error code.
1219 gnutls_openpgp_privkey_get_subkey_idx
1220 -------------------------------------
1222 -- Function: int gnutls_openpgp_privkey_get_subkey_idx
1223 (gnutls_openpgp_privkey_t KEY, const gnutls_openpgp_keyid_t
1225 KEY: the structure that contains the OpenPGP private key.
1229 Get index of subkey.
1231 *Returns:* the index of the subkey or a negative error value.
1235 gnutls_openpgp_privkey_get_subkey_id
1236 ------------------------------------
1238 -- Function: int gnutls_openpgp_privkey_get_subkey_id
1239 (gnutls_openpgp_privkey_t KEY, unsigned int IDX,
1240 gnutls_openpgp_keyid_t KEYID)
1241 KEY: the structure that contains the OpenPGP secret key.
1243 IDX: the subkey index
1245 KEYID: the buffer to save the keyid.
1247 Get the key-id for the subkey.
1249 *Returns:* the 64-bit keyID of the OpenPGP key.
1253 gnutls_openpgp_privkey_get_subkey_pk_algorithm
1254 ----------------------------------------------
1256 -- Function: gnutls_pk_algorithm_t
1257 gnutls_openpgp_privkey_get_subkey_pk_algorithm
1258 (gnutls_openpgp_privkey_t KEY, unsigned int IDX, unsigned int
1260 KEY: is an OpenPGP key
1262 IDX: is the subkey index
1264 BITS: if bits is non null it will hold the size of the parameters'
1267 This function will return the public key algorithm of a subkey of
1268 an OpenPGP certificate.
1270 If bits is non null, it should have enough size to hold the
1271 parameters size in bits. For RSA the bits returned is the modulus.
1272 For DSA the bits returned are of the public exponent.
1274 *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
1275 success, or a negative value on error.
1279 gnutls_openpgp_privkey_get_subkey_revoked_status
1280 ------------------------------------------------
1282 -- Function: int gnutls_openpgp_privkey_get_subkey_revoked_status
1283 (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
1284 KEY: the structure that contains the OpenPGP private key.
1286 IDX: is the subkey index
1288 Get revocation status of key.
1290 *Returns:* true (1) if the key has been revoked, or false (0) if it
1291 has not, or a negative value indicates an error.
1295 gnutls_openpgp_privkey_import
1296 -----------------------------
1298 -- Function: int gnutls_openpgp_privkey_import
1299 (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * DATA,
1300 gnutls_openpgp_crt_fmt_t FORMAT, const char * PASSWORD,
1302 KEY: The structure to store the parsed key.
1304 DATA: The RAW or BASE64 encoded key.
1306 FORMAT: One of 'gnutls_openpgp_crt_fmt_t' elements.
1308 PASSWORD: not used for now
1310 FLAGS: should be zero
1312 This function will convert the given RAW or Base64 encoded key to
1313 the native gnutls_openpgp_privkey_t format. The output will be
1316 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
1318 gnutls_openpgp_privkey_init
1319 ---------------------------
1321 -- Function: int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t
1323 KEY: The structure to be initialized
1325 This function will initialize an OpenPGP key structure.
1327 *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.
1329 gnutls_openpgp_privkey_sec_param
1330 --------------------------------
1332 -- Function: gnutls_sec_param_t gnutls_openpgp_privkey_sec_param
1333 (gnutls_openpgp_privkey_t KEY)
1334 KEY: a key structure
1336 This function will return the security parameter appropriate with
1339 *Returns:* On success, a valid security parameter is returned
1340 otherwise 'GNUTLS_SEC_PARAM_UNKNOWN' is returned.
1342 gnutls_openpgp_privkey_set_preferred_key_id
1343 -------------------------------------------
1345 -- Function: int gnutls_openpgp_privkey_set_preferred_key_id
1346 (gnutls_openpgp_privkey_t KEY, const gnutls_openpgp_keyid_t
1348 KEY: the structure that contains the OpenPGP public key.
1350 KEYID: the selected keyid
1352 This allows setting a preferred key id for the given certificate.
1353 This key will be used by functions that involve key handling.
1355 *Returns:* On success, 0 is returned, or an error code.
1357 gnutls_openpgp_privkey_sign_hash
1358 --------------------------------
1360 -- Function: int gnutls_openpgp_privkey_sign_hash
1361 (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * HASH,
1362 gnutls_datum_t * SIGNATURE)
1365 HASH: holds the data to be signed
1367 SIGNATURE: will contain newly allocated signature
1369 This function will sign the given hash using the private key. You
1370 should use 'gnutls_openpgp_privkey_set_preferred_key_id()' before
1371 calling this function to set the subkey to use.
1373 *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
1374 negative error value.
1376 *Deprecated:* Use 'gnutls_privkey_sign_hash()' instead.
1378 gnutls_openpgp_set_recv_key_function
1379 ------------------------------------
1381 -- Function: void gnutls_openpgp_set_recv_key_function
1382 (gnutls_session_t SESSION, gnutls_openpgp_recv_key_func FUNC)
1383 SESSION: a TLS session
1387 This funtion will set a key retrieval function for OpenPGP keys.
1388 This callback is only useful in server side, and will be used if
1389 the peer sent a key fingerprint instead of a full key.
1392 File: gnutls.info, Node: TLS Inner Application (TLS/IA) functions, Next: Error codes and descriptions, Prev: OpenPGP functions, Up: Function reference
1394 9.5 TLS Inner Application (TLS/IA) Functions
1395 ============================================
1397 The following functions are used for TLS Inner Application (TLS/IA).
1398 Their prototypes lie in 'gnutls/extra.h'. You need to link with
1399 'libgnutls-extra' to be able to use these functions (*note GnuTLS-extra
1402 The typical control flow in an TLS/IA client (that would not require an
1403 Application Phase for resumed sessions) would be similar to the
1406 int client_avp (gnuls_session_t *session, void *ptr,
1407 const char *last, size_t lastlen,
1408 char **new, size_t *newlen)
1415 gnutls_ia_client_credentials_t iacred;
1417 gnutls_init (&session, GNUTLS_CLIENT);
1419 /* Enable TLS/IA. */
1420 gnutls_ia_allocate_client_credentials(&iacred);
1421 gnutls_ia_set_client_avp_function(iacred, client_avp);
1422 gnutls_credentials_set (session, GNUTLS_CRD_IA, iacred);
1424 ret = gnutls_handshake (session);
1425 // Error handling...
1427 if (gnutls_ia_handshake_p (session))
1429 ret = gnutls_ia_handshake (session);
1430 // Error handling...
1433 See below for detailed descriptions of all the functions used above.
1435 The function 'client_avp' would have to be implemented by your
1436 application. The function is responsible for handling the AVP data.
1437 See 'gnutls_ia_set_client_avp_function' below for more information on
1438 how that function should be implemented.
1440 The control flow in a typical server is similar to the above, use
1441 'gnutls_ia_server_credentials_t' instead of
1442 'gnutls_ia_client_credentials_t', and replace the call to the client
1443 functions with the corresponding server functions.
1445 gnutls_ia_allocate_client_credentials
1446 -------------------------------------
1448 -- Function: int gnutls_ia_allocate_client_credentials
1449 (gnutls_ia_client_credentials_t * SC)
1450 SC: is a pointer to a 'gnutls_ia_server_credentials_t' structure.
1452 This structure is complex enough to manipulate directly thus this
1453 helper function is provided in order to allocate it.
1455 Adding this credential to a session will enable TLS/IA, and will
1456 require an Application Phase after the TLS handshake (if the server
1457 support TLS/IA). Use 'gnutls_ia_enable()' to toggle the TLS/IA
1460 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1461 otherwise an error code is returned.
1463 gnutls_ia_allocate_server_credentials
1464 -------------------------------------
1466 -- Function: int gnutls_ia_allocate_server_credentials
1467 (gnutls_ia_server_credentials_t * SC)
1468 SC: is a pointer to a 'gnutls_ia_server_credentials_t' structure.
1470 This structure is complex enough to manipulate directly thus this
1471 helper function is provided in order to allocate it.
1473 Adding this credential to a session will enable TLS/IA, and will
1474 require an Application Phase after the TLS handshake (if the client
1475 support TLS/IA). Use 'gnutls_ia_enable()' to toggle the TLS/IA
1478 *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
1479 otherwise an error code is returned.
1484 -- Function: void gnutls_ia_enable (gnutls_session_t SESSION, int
1485 ALLOW_SKIP_ON_RESUME)
1486 SESSION: is a 'gnutls_session_t' structure.
1488 ALLOW_SKIP_ON_RESUME: non-zero if local party allows one to skip
1489 the TLS/IA application phases for a resumed session.
1491 Specify whether we must advertise support for the TLS/IA extension
1492 during the handshake.
1494 At the client side, we always advertise TLS/IA if gnutls_ia_enable
1495 was called before the handshake; at the server side, we also
1496 require that the client has advertised that it wants to run TLS/IA
1497 before including the advertisement, as required by the protocol.
1499 Similarly, at the client side we always advertise that we allow
1500 TLS/IA to be skipped for resumed sessions if 'allow_skip_on_resume'
1501 is non-zero; at the server side, we also require that the session
1502 is indeed resumable and that the client has also advertised that it
1503 allows TLS/IA to be skipped for resumed sessions.
1505 After the TLS handshake, call 'gnutls_ia_handshake_p()' to find out
1506 whether both parties agreed to do a TLS/IA handshake, before
1507 calling 'gnutls_ia_handshake()' or one of the lower level
1508 gnutls_ia_* functions.
1510 gnutls_ia_endphase_send
1511 -----------------------
1513 -- Function: int gnutls_ia_endphase_send (gnutls_session_t SESSION, int
1515 SESSION: is a 'gnutls_session_t' structure.
1517 FINAL_P: Set iff this should signal the final phase.
1519 Send a TLS/IA end phase message.
1521 In the client, this should only be used to acknowledge an end phase
1522 message sent by the server.
1524 In the server, this can be called instead of 'gnutls_ia_send()' if
1525 the server wishes to end an application phase.
1527 *Return value:* Return 0 on success, or an error code.
1529 gnutls_ia_extract_inner_secret
1530 ------------------------------
1532 -- Function: void gnutls_ia_extract_inner_secret (gnutls_session_t
1533 SESSION, char * BUFFER)
1534 SESSION: is a 'gnutls_session_t' structure.
1536 BUFFER: pre-allocated buffer to hold 48 bytes of inner secret.
1538 Copy the 48 bytes large inner secret into the specified buffer
1540 This function is typically used after the TLS/IA handshake has
1541 concluded. The TLS/IA inner secret can be used as input to a PRF
1542 to derive session keys. Do not use the inner secret directly as a
1543 session key, because for a resumed session that does not include an
1544 application phase, the inner secret will be identical to the inner
1545 secret in the original session. It is important to include, for
1546 example, the client and server randomness when deriving a sesssion
1547 key from the inner secret.
1549 gnutls_ia_free_client_credentials
1550 ---------------------------------
1552 -- Function: void gnutls_ia_free_client_credentials
1553 (gnutls_ia_client_credentials_t SC)
1554 SC: is a 'gnutls_ia_client_credentials_t' structure.
1556 This structure is complex enough to manipulate directly thus this
1557 helper function is provided in order to free (deallocate) it.
1559 gnutls_ia_free_server_credentials
1560 ---------------------------------
1562 -- Function: void gnutls_ia_free_server_credentials
1563 (gnutls_ia_server_credentials_t SC)
1564 SC: is a 'gnutls_ia_server_credentials_t' structure.
1566 This structure is complex enough to manipulate directly thus this
1567 helper function is provided in order to free (deallocate) it.
1569 gnutls_ia_generate_challenge
1570 ----------------------------
1572 -- Function: int gnutls_ia_generate_challenge (gnutls_session_t
1573 SESSION, size_t BUFFER_SIZE, char * BUFFER)
1574 SESSION: is a 'gnutls_session_t' structure.
1576 BUFFER_SIZE: size of output buffer.
1578 BUFFER: pre-allocated buffer to contain 'buffer_size' bytes of
1581 Generate an application challenge that the client cannot control or
1582 predict, based on the TLS/IA inner secret.
1584 *Return value:* Returns 0 on success, or an negative error code.
1586 gnutls_ia_get_client_avp_ptr
1587 ----------------------------
1589 -- Function: void * gnutls_ia_get_client_avp_ptr
1590 (gnutls_ia_client_credentials_t CRED)
1591 CRED: is a 'gnutls_ia_client_credentials_t' structure.
1593 Returns the pointer that will be provided to the TLS/IA callback
1594 function as the first argument.
1596 *Returns:* The client callback data pointer.
1598 gnutls_ia_get_server_avp_ptr
1599 ----------------------------
1601 -- Function: void * gnutls_ia_get_server_avp_ptr
1602 (gnutls_ia_server_credentials_t CRED)
1603 CRED: is a 'gnutls_ia_client_credentials_t' structure.
1605 Returns the pointer that will be provided to the TLS/IA callback
1606 function as the first argument.
1608 *Returns:* The server callback data pointer.
1610 gnutls_ia_handshake_p
1611 ---------------------
1613 -- Function: int gnutls_ia_handshake_p (gnutls_session_t SESSION)
1614 SESSION: is a 'gnutls_session_t' structure.
1616 Predicate to be used after 'gnutls_handshake()' to decide whether
1617 to invoke 'gnutls_ia_handshake()'. Usable by both clients and
1620 *Return value:* non-zero if TLS/IA handshake is expected, zero
1626 -- Function: int gnutls_ia_handshake (gnutls_session_t SESSION)
1627 SESSION: is a 'gnutls_session_t' structure.
1629 Perform a TLS/IA handshake. This should be called after
1630 'gnutls_handshake()' iff 'gnutls_ia_handshake_p()'.
1632 *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
1633 otherwise an error code is returned.
1635 gnutls_ia_permute_inner_secret
1636 ------------------------------
1638 -- Function: int gnutls_ia_permute_inner_secret (gnutls_session_t
1639 SESSION, size_t SESSION_KEYS_SIZE, const char * SESSION_KEYS)
1640 SESSION: is a 'gnutls_session_t' structure.
1642 SESSION_KEYS_SIZE: Size of generated session keys (0 if none).
1644 SESSION_KEYS: Generated session keys, used to permute inner secret
1647 Permute the inner secret using the generated session keys.
1649 This can be called in the TLS/IA AVP callback to mix any generated
1650 session keys with the TLS/IA inner secret.
1652 *Return value:* Return zero on success, or a negative error code.
1657 -- Function: ssize_t gnutls_ia_recv (gnutls_session_t SESSION, char *
1658 DATA, size_t SIZEOFDATA)
1659 SESSION: is a 'gnutls_session_t' structure.
1661 DATA: the buffer that the data will be read into, must hold >= 12
1664 SIZEOFDATA: the number of requested bytes, must be >= 12.
1666 Receive TLS/IA data. This function has the similar semantics with
1667 'recv()'. The only difference is that it accepts a GnuTLS session,
1668 and uses different error codes.
1670 If the server attempt to finish an application phase, this function
1671 will return 'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' or
1672 'GNUTLS_E_WARNING_IA_FPHF_RECEIVED'. The caller should then invoke
1673 'gnutls_ia_verify_endphase()', and if it runs the client side, also
1674 send an endphase message of its own using gnutls_ia_endphase_send.
1676 If EINTR is returned by the internal push function (the default is
1677 'code'{'recv()'}) then GNUTLS_E_INTERRUPTED will be returned. If
1678 GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call
1679 this function again, with the same parameters; alternatively you
1680 could provide a NULL pointer for data, and 0 for size.
1682 *Returns:* The number of bytes received. A negative error code is
1683 returned in case of an error. The
1684 'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' and
1685 'GNUTLS_E_WARNING_IA_FPHF_RECEIVED' errors are returned when an
1686 application phase finished message has been sent by the server.
1691 -- Function: ssize_t gnutls_ia_send (gnutls_session_t SESSION, const
1692 char * DATA, size_t SIZEOFDATA)
1693 SESSION: is a 'gnutls_session_t' structure.
1695 DATA: contains the data to send
1697 SIZEOFDATA: is the length of the data
1699 Send TLS/IA application payload data. This function has the
1700 similar semantics with 'send()'. The only difference is that it
1701 accepts a GnuTLS session, and uses different error codes.
1703 The TLS/IA protocol is synchronous, so you cannot send more than
1704 one packet at a time. The client always send the first packet.
1706 To finish an application phase in the server, use
1707 'gnutls_ia_endphase_send()'. The client cannot end an application
1708 phase unilaterally; rather, a client is required to respond with an
1709 endphase of its own if gnutls_ia_recv indicates that the server has
1712 If the EINTR is returned by the internal push function (the default
1713 is 'send()'} then 'GNUTLS_E_INTERRUPTED' will be returned. If
1714 'GNUTLS_E_INTERRUPTED' or 'GNUTLS_E_AGAIN' is returned, you must
1715 call this function again, with the same parameters; alternatively
1716 you could provide a 'NULL' pointer for data, and 0 for size.
1718 *Returns:* The number of bytes sent, or a negative error code.
1720 gnutls_ia_set_client_avp_function
1721 ---------------------------------
1723 -- Function: void gnutls_ia_set_client_avp_function
1724 (gnutls_ia_client_credentials_t CRED, gnutls_ia_avp_func
1726 CRED: is a 'gnutls_ia_client_credentials_t' structure.
1728 AVP_FUNC: is the callback function
1730 Set the TLS/IA AVP callback handler used for the session.
1732 The AVP callback is called to process AVPs received from the
1733 server, and to get a new AVP to send to the server.
1735 The callback's function form is: int (*avp_func) (gnutls_session_t
1736 session, void *ptr, const char *last, size_t lastlen, char **next,
1739 The 'session' parameter is the 'gnutls_session_t' structure
1740 corresponding to the current session. The 'ptr' parameter is the
1741 application hook pointer, set through
1742 'gnutls_ia_set_client_avp_ptr()'. The AVP received from the server
1743 is present in 'last' of 'lastlen' size, which will be 'NULL' on the
1744 first invocation. The newly allocated output AVP to send to the
1745 server should be placed in *'next' of *'nextlen' size.
1747 The callback may invoke 'gnutls_ia_permute_inner_secret()' to mix
1748 any generated session keys with the TLS/IA inner secret.
1750 Return 0 ('GNUTLS_IA_APPLICATION_PAYLOAD') on success, or a
1751 negative error code to abort the TLS/IA handshake.
1753 Note that the callback must use allocate the 'next' parameter using
1754 'gnutls_malloc()', because it is released via 'gnutls_free()' by
1755 the TLS/IA handshake function.
1757 gnutls_ia_set_client_avp_ptr
1758 ----------------------------
1760 -- Function: void gnutls_ia_set_client_avp_ptr
1761 (gnutls_ia_client_credentials_t CRED, void * PTR)
1762 CRED: is a 'gnutls_ia_client_credentials_t' structure.
1766 Sets the pointer that will be provided to the TLS/IA callback
1767 function as the first argument.
1769 gnutls_ia_set_server_avp_function
1770 ---------------------------------
1772 -- Function: void gnutls_ia_set_server_avp_function
1773 (gnutls_ia_server_credentials_t CRED, gnutls_ia_avp_func
1775 CRED: is a 'gnutls_ia_server_credentials_t' structure.
1777 Set the TLS/IA AVP callback handler used for the session.
1779 The callback's function form is: int (*avp_func) (gnutls_session_t
1780 session, void *ptr, const char *last, size_t lastlen, char **next,
1783 The 'session' parameter is the 'gnutls_session_t' structure
1784 corresponding to the current session. The 'ptr' parameter is the
1785 application hook pointer, set through
1786 'gnutls_ia_set_server_avp_ptr()'. The AVP received from the client
1787 is present in 'last' of 'lastlen' size. The newly allocated output
1788 AVP to send to the client should be placed in *'next' of *'nextlen'
1791 The AVP callback is called to process incoming AVPs from the
1792 client, and to get a new AVP to send to the client. It can also be
1793 used to instruct the TLS/IA handshake to do go into the
1794 Intermediate or Final phases. It return a negative error code, or
1795 a 'gnutls_ia_apptype_t' message type.
1797 The callback may invoke 'gnutls_ia_permute_inner_secret()' to mix
1798 any generated session keys with the TLS/IA inner secret.
1800 Specifically, return 'GNUTLS_IA_APPLICATION_PAYLOAD' (0) to send
1801 another AVP to the client, return
1802 'GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED' (1) to indicate that an
1803 IntermediatePhaseFinished message should be sent, and return
1804 'GNUTLS_IA_FINAL_PHASE_FINISHED' (2) to indicate that an
1805 FinalPhaseFinished message should be sent. In the last two cases,
1806 the contents of the 'next' and 'nextlen' parameter is not used.
1808 Note that the callback must use allocate the 'next' parameter using
1809 'gnutls_malloc()', because it is released via 'gnutls_free()' by
1810 the TLS/IA handshake function.
1812 gnutls_ia_set_server_avp_ptr
1813 ----------------------------
1815 -- Function: void gnutls_ia_set_server_avp_ptr
1816 (gnutls_ia_server_credentials_t CRED, void * PTR)
1817 CRED: is a 'gnutls_ia_client_credentials_t' structure.
1821 Sets the pointer that will be provided to the TLS/IA callback
1822 function as the first argument.
1824 gnutls_ia_verify_endphase
1825 -------------------------
1827 -- Function: int gnutls_ia_verify_endphase (gnutls_session_t SESSION,
1828 const char * CHECKSUM)
1829 SESSION: is a 'gnutls_session_t' structure.
1831 CHECKSUM: 12-byte checksum data, received from 'gnutls_ia_recv()'.
1833 Verify TLS/IA end phase checksum data. If verification fails, the
1834 'GNUTLS_A_INNER_APPLICATION_VERIFICATION' alert is sent to the
1837 This function is called when 'gnutls_ia_recv()' return
1838 'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' or
1839 'GNUTLS_E_WARNING_IA_FPHF_RECEIVED'.
1841 *Return value:* Return 0 on successful verification, or an error
1842 code. If the checksum verification of the end phase message fails,
1843 'GNUTLS_E_IA_VERIFY_FAILED' is returned.
1846 File: gnutls.info, Node: Error codes and descriptions, Prev: TLS Inner Application (TLS/IA) functions, Up: Function reference
1848 9.6 Error Codes and Descriptions
1849 ================================
1851 The error codes used throughout the library are described below. The
1852 return code 'GNUTLS_E_SUCCESS' indicate successful operation, and is
1853 guaranteed to have the value 0, so you can use it in logical
1857 Resource temporarily unavailable, try again.
1859 'GNUTLS_E_ASN1_DER_ERROR:'
1860 ASN1 parser: Error in DER parsing.
1862 'GNUTLS_E_ASN1_DER_OVERFLOW:'
1863 ASN1 parser: Overflow in DER parsing.
1865 'GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:'
1866 ASN1 parser: Element was not found.
1868 'GNUTLS_E_ASN1_GENERIC_ERROR:'
1869 ASN1 parser: Generic parsing error.
1871 'GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:'
1872 ASN1 parser: Identifier was not found
1874 'GNUTLS_E_ASN1_SYNTAX_ERROR:'
1875 ASN1 parser: Syntax error.
1877 'GNUTLS_E_ASN1_TAG_ERROR:'
1878 ASN1 parser: Error in TAG.
1880 'GNUTLS_E_ASN1_TAG_IMPLICIT:'
1881 ASN1 parser: error in implicit tag
1883 'GNUTLS_E_ASN1_TYPE_ANY_ERROR:'
1884 ASN1 parser: Error in type 'ANY'.
1886 'GNUTLS_E_ASN1_VALUE_NOT_FOUND:'
1887 ASN1 parser: Value was not found.
1889 'GNUTLS_E_ASN1_VALUE_NOT_VALID:'
1890 ASN1 parser: Value is not valid.
1892 'GNUTLS_E_BASE64_DECODING_ERROR:'
1893 Base64 decoding error.
1895 'GNUTLS_E_BASE64_ENCODING_ERROR:'
1896 Base64 encoding error.
1898 'GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR:'
1899 Base64 unexpected header error.
1901 'GNUTLS_E_CERTIFICATE_ERROR:'
1902 Error in the certificate.
1904 'GNUTLS_E_CERTIFICATE_KEY_MISMATCH:'
1905 The certificate and the given key do not match.
1907 'GNUTLS_E_CERTIFICATE_LIST_UNSORTED:'
1908 The provided X.509 certificate list is not sorted (in subject to
1911 'GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE:'
1912 Channel binding data not available
1914 'GNUTLS_E_COMPRESSION_FAILED:'
1915 Compression of the TLS record packet has failed.
1917 'GNUTLS_E_CONSTRAINT_ERROR:'
1918 Some constraint limits were reached.
1920 'GNUTLS_E_CRYPTODEV_DEVICE_ERROR:'
1921 Error opening /dev/crypto
1923 'GNUTLS_E_CRYPTODEV_IOCTL_ERROR:'
1924 Error interfacing with /dev/crypto
1926 'GNUTLS_E_CRYPTO_ALREADY_REGISTERED:'
1927 There is already a crypto algorithm with lower priority.
1929 'GNUTLS_E_CRYPTO_INIT_FAILED:'
1930 The initialization of crypto backend has failed.
1932 'GNUTLS_E_DB_ERROR:'
1933 Error in Database backend.
1935 'GNUTLS_E_DECOMPRESSION_FAILED:'
1936 Decompression of the TLS record packet has failed.
1938 'GNUTLS_E_DECRYPTION_FAILED:'
1939 Decryption has failed.
1941 'GNUTLS_E_DH_PRIME_UNACCEPTABLE:'
1942 The Diffie-Hellman prime sent by the server is not acceptable (not
1945 'GNUTLS_E_ENCRYPTION_FAILED:'
1946 Encryption has failed.
1948 'GNUTLS_E_ERROR_IN_FINISHED_PACKET:'
1949 An error was encountered at the TLS Finished packet calculation.
1952 The requested session has expired.
1954 'GNUTLS_E_FATAL_ALERT_RECEIVED:'
1955 A TLS fatal alert has been received.
1957 'GNUTLS_E_FILE_ERROR:'
1958 Error while reading file.
1960 'GNUTLS_E_GOT_APPLICATION_DATA:'
1961 TLS Application data were received, while expecting handshake data.
1963 'GNUTLS_E_HANDSHAKE_TOO_LARGE:'
1964 The handshake data size is too large (DoS?), check
1965 gnutls_handshake_set_max_packet_length().
1967 'GNUTLS_E_HASH_FAILED:'
1970 'GNUTLS_E_IA_VERIFY_FAILED:'
1971 Verifying TLS/IA phase checksum failed
1973 'GNUTLS_E_ILLEGAL_SRP_USERNAME:'
1974 The SRP username supplied is illegal.
1976 'GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY:'
1977 The gcrypt library version is too old.
1979 'GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY:'
1980 The tasn1 library version is too old.
1982 'GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:'
1983 The given DSA key is incompatible with the selected TLS protocol.
1985 'GNUTLS_E_INIT_LIBEXTRA:'
1986 The initialization of GnuTLS-extra has failed.
1988 'GNUTLS_E_INSUFFICIENT_CREDENTIALS:'
1989 Insufficient credentials for that request.
1991 'GNUTLS_E_INTERNAL_ERROR:'
1992 GnuTLS internal error.
1994 'GNUTLS_E_INTERRUPTED:'
1995 Function was interrupted.
1997 'GNUTLS_E_INVALID_PASSWORD:'
1998 The given password contains invalid characters.
2000 'GNUTLS_E_INVALID_REQUEST:'
2001 The request is invalid.
2003 'GNUTLS_E_INVALID_SESSION:'
2004 The specified session has been invalidated for some reason.
2006 'GNUTLS_E_KEY_USAGE_VIOLATION:'
2007 Key usage violation in certificate has been detected.
2009 'GNUTLS_E_LARGE_PACKET:'
2010 A large TLS record packet was received.
2012 'GNUTLS_E_LIBRARY_VERSION_MISMATCH:'
2013 The GnuTLS library version does not match the GnuTLS-extra library
2016 'GNUTLS_E_LOCKING_ERROR:'
2017 Thread locking error
2019 'GNUTLS_E_LZO_INIT_FAILED:'
2020 The initialization of LZO has failed.
2022 'GNUTLS_E_MAC_VERIFY_FAILED:'
2023 The Message Authentication Code verification failed.
2025 'GNUTLS_E_MEMORY_ERROR:'
2026 Internal error in memory allocation.
2028 'GNUTLS_E_MPI_PRINT_FAILED:'
2029 Could not export a large integer.
2031 'GNUTLS_E_MPI_SCAN_FAILED:'
2032 The scanning of a large integer has failed.
2034 'GNUTLS_E_NO_CERTIFICATE_FOUND:'
2035 The peer did not send any certificate.
2037 'GNUTLS_E_NO_CIPHER_SUITES:'
2038 No supported cipher suites have been found.
2040 'GNUTLS_E_NO_COMPRESSION_ALGORITHMS:'
2041 No supported compression algorithms have been found.
2043 'GNUTLS_E_NO_TEMPORARY_DH_PARAMS:'
2044 No temporary DH parameters were found.
2046 'GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:'
2047 No temporary RSA parameters were found.
2049 'GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED:'
2050 The OpenPGP fingerprint is not supported.
2052 'GNUTLS_E_OPENPGP_GETKEY_FAILED:'
2053 Could not get OpenPGP key.
2055 'GNUTLS_E_OPENPGP_KEYRING_ERROR:'
2056 Error loading the keyring.
2058 'GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR:'
2059 The OpenPGP key has not a preferred key set.
2061 'GNUTLS_E_OPENPGP_SUBKEY_ERROR:'
2062 Could not find OpenPGP subkey.
2064 'GNUTLS_E_OPENPGP_UID_REVOKED:'
2065 The OpenPGP User ID is revoked.
2067 'GNUTLS_E_PARSING_ERROR:'
2070 'GNUTLS_E_PKCS11_ATTRIBUTE_ERROR:'
2071 PKCS #11 error in attribute
2073 'GNUTLS_E_PKCS11_DATA_ERROR:'
2074 PKCS #11 error in data
2076 'GNUTLS_E_PKCS11_DEVICE_ERROR:'
2077 PKCS #11 error in device
2079 'GNUTLS_E_PKCS11_ERROR:'
2082 'GNUTLS_E_PKCS11_KEY_ERROR:'
2083 PKCS #11 error in key
2085 'GNUTLS_E_PKCS11_LOAD_ERROR:'
2086 PKCS #11 initialization error.
2088 'GNUTLS_E_PKCS11_PIN_ERROR:'
2089 PKCS #11 error in PIN.
2091 'GNUTLS_E_PKCS11_PIN_EXPIRED:'
2092 PKCS #11 PIN expired
2094 'GNUTLS_E_PKCS11_PIN_LOCKED:'
2097 'GNUTLS_E_PKCS11_SESSION_ERROR:'
2098 PKCS #11 error in session
2100 'GNUTLS_E_PKCS11_SIGNATURE_ERROR:'
2101 PKCS #11 error in signature
2103 'GNUTLS_E_PKCS11_SLOT_ERROR:'
2104 PKCS #11 error in slot
2106 'GNUTLS_E_PKCS11_TOKEN_ERROR:'
2107 PKCS #11 error in token
2109 'GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR:'
2110 PKCS #11 unsupported feature
2112 'GNUTLS_E_PKCS11_USER_ERROR:'
2115 'GNUTLS_E_PKCS1_WRONG_PAD:'
2116 Wrong padding in PKCS1 packet.
2118 'GNUTLS_E_PK_DECRYPTION_FAILED:'
2119 Public key decryption has failed.
2121 'GNUTLS_E_PK_ENCRYPTION_FAILED:'
2122 Public key encryption has failed.
2124 'GNUTLS_E_PK_SIGN_FAILED:'
2125 Public key signing has failed.
2127 'GNUTLS_E_PK_SIG_VERIFY_FAILED:'
2128 Public key signature verification has failed.
2130 'GNUTLS_E_PULL_ERROR:'
2131 Error in the pull function.
2133 'GNUTLS_E_PUSH_ERROR:'
2134 Error in the push function.
2136 'GNUTLS_E_RANDOM_FAILED:'
2137 Failed to acquire random data.
2139 'GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:'
2140 An illegal TLS extension was received.
2142 'GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:'
2143 An illegal parameter has been received.
2145 'GNUTLS_E_RECORD_LIMIT_REACHED:'
2146 The upper limit of record packet sequence numbers has been reached.
2149 'GNUTLS_E_REHANDSHAKE:'
2150 Rehandshake was requested by the peer.
2152 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:'
2153 The requested data were not available.
2155 'GNUTLS_E_SAFE_RENEGOTIATION_FAILED:'
2156 Safe renegotiation failed.
2158 'GNUTLS_E_SHORT_MEMORY_BUFFER:'
2159 The given memory buffer is too short to hold parameters.
2161 'GNUTLS_E_SRP_PWD_ERROR:'
2162 Error in password file.
2164 'GNUTLS_E_SRP_PWD_PARSING_ERROR:'
2165 Parsing error in password file.
2170 'GNUTLS_E_TOO_MANY_EMPTY_PACKETS:'
2171 Too many empty record packets have been received.
2173 'GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:'
2174 An unexpected TLS handshake packet was received.
2176 'GNUTLS_E_UNEXPECTED_PACKET:'
2177 An unexpected TLS packet was received.
2179 'GNUTLS_E_UNEXPECTED_PACKET_LENGTH:'
2180 A TLS packet with unexpected length was received.
2182 'GNUTLS_E_UNKNOWN_ALGORITHM:'
2183 The specified algorithm or protocol is unknown.
2185 'GNUTLS_E_UNKNOWN_CIPHER_SUITE:'
2186 Could not negotiate a supported cipher suite.
2188 'GNUTLS_E_UNKNOWN_CIPHER_TYPE:'
2189 The cipher type is unsupported.
2191 'GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:'
2192 Could not negotiate a supported compression method.
2194 'GNUTLS_E_UNKNOWN_HASH_ALGORITHM:'
2195 The hash algorithm is unknown.
2197 'GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE:'
2198 The PKCS structure's bag type is unknown.
2200 'GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE:'
2201 The PKCS structure's content type is unknown.
2203 'GNUTLS_E_UNKNOWN_PK_ALGORITHM:'
2204 An unknown public key algorithm was encountered.
2206 'GNUTLS_E_UNKNOWN_SRP_USERNAME:'
2207 The SRP username supplied is unknown.
2209 'GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:'
2210 Unsafe renegotiation denied.
2212 'GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:'
2213 The certificate type is not supported.
2215 'GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:'
2216 The signature algorithm is not supported.
2218 'GNUTLS_E_UNSUPPORTED_VERSION_PACKET:'
2219 A record packet with illegal version was received.
2221 'GNUTLS_E_UNWANTED_ALGORITHM:'
2222 An algorithm that is not enabled was negotiated.
2224 'GNUTLS_E_WARNING_ALERT_RECEIVED:'
2225 A TLS warning alert has been received.
2227 'GNUTLS_E_WARNING_IA_FPHF_RECEIVED:'
2228 Received a TLS/IA Final Phase Finished message
2230 'GNUTLS_E_WARNING_IA_IPHF_RECEIVED:'
2231 Received a TLS/IA Intermediate Phase Finished message
2233 'GNUTLS_E_X509_UNKNOWN_SAN:'
2234 Unknown Subject Alternative name in X.509 certificate.
2236 'GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE:'
2237 The certificate has unsupported attributes.
2239 'GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION:'
2240 Unsupported critical extension in X.509 certificate.
2242 'GNUTLS_E_X509_UNSUPPORTED_OID:'
2243 The OID is not supported.
2246 File: gnutls.info, Node: All the supported ciphersuites in GnuTLS, Next: Guile Bindings, Prev: Function reference, Up: Top
2248 10 All the Supported Ciphersuites in GnuTLS
2249 *******************************************
2251 Available cipher suites:
2252 TLS_ANON_DH_ARCFOUR_MD5 0x00 0x18 SSL3.0
2253 TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00 0x1b SSL3.0
2254 TLS_ANON_DH_AES_128_CBC_SHA1 0x00 0x34 SSL3.0
2255 TLS_ANON_DH_AES_256_CBC_SHA1 0x00 0x3a SSL3.0
2256 TLS_ANON_DH_CAMELLIA_128_CBC_SHA1 0x00 0x46 TLS1.0
2257 TLS_ANON_DH_CAMELLIA_256_CBC_SHA1 0x00 0x89 TLS1.0
2258 TLS_ANON_DH_AES_128_CBC_SHA256 0x00 0x6c TLS1.2
2259 TLS_ANON_DH_AES_256_CBC_SHA256 0x00 0x6d TLS1.2
2260 TLS_PSK_SHA_ARCFOUR_SHA1 0x00 0x8a TLS1.0
2261 TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00 0x8b TLS1.0
2262 TLS_PSK_SHA_AES_128_CBC_SHA1 0x00 0x8c TLS1.0
2263 TLS_PSK_SHA_AES_256_CBC_SHA1 0x00 0x8d TLS1.0
2264 TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00 0x8e TLS1.0
2265 TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00 0x8f TLS1.0
2266 TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00 0x90 TLS1.0
2267 TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00 0x91 TLS1.0
2268 TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0 0x1a TLS1.0
2269 TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0 0x1d TLS1.0
2270 TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0 0x20 TLS1.0
2271 TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0 0x1c TLS1.0
2272 TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0 0x1b TLS1.0
2273 TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0 0x1f TLS1.0
2274 TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0 0x1e TLS1.0
2275 TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0 0x22 TLS1.0
2276 TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0 0x21 TLS1.0
2277 TLS_DHE_DSS_ARCFOUR_SHA1 0x00 0x66 TLS1.0
2278 TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00 0x13 SSL3.0
2279 TLS_DHE_DSS_AES_128_CBC_SHA1 0x00 0x32 SSL3.0
2280 TLS_DHE_DSS_AES_256_CBC_SHA1 0x00 0x38 SSL3.0
2281 TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 0x00 0x44 TLS1.0
2282 TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 0x00 0x87 TLS1.0
2283 TLS_DHE_DSS_AES_128_CBC_SHA256 0x00 0x40 TLS1.2
2284 TLS_DHE_DSS_AES_256_CBC_SHA256 0x00 0x6a TLS1.2
2285 TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00 0x16 SSL3.0
2286 TLS_DHE_RSA_AES_128_CBC_SHA1 0x00 0x33 SSL3.0
2287 TLS_DHE_RSA_AES_256_CBC_SHA1 0x00 0x39 SSL3.0
2288 TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00 0x45 TLS1.0
2289 TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00 0x88 TLS1.0
2290 TLS_DHE_RSA_AES_128_CBC_SHA256 0x00 0x67 TLS1.2
2291 TLS_DHE_RSA_AES_256_CBC_SHA256 0x00 0x6b TLS1.2
2292 TLS_RSA_NULL_MD5 0x00 0x01 SSL3.0
2293 TLS_RSA_NULL_SHA1 0x00 0x02 SSL3.0
2294 TLS_RSA_NULL_SHA256 0x00 0x3b TLS1.2
2295 TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00 0x03 SSL3.0
2296 TLS_RSA_ARCFOUR_SHA1 0x00 0x05 SSL3.0
2297 TLS_RSA_ARCFOUR_MD5 0x00 0x04 SSL3.0
2298 TLS_RSA_3DES_EDE_CBC_SHA1 0x00 0x0a SSL3.0
2299 TLS_RSA_AES_128_CBC_SHA1 0x00 0x2f SSL3.0
2300 TLS_RSA_AES_256_CBC_SHA1 0x00 0x35 SSL3.0
2301 TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00 0x41 TLS1.0
2302 TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00 0x84 TLS1.0
2303 TLS_RSA_AES_128_CBC_SHA256 0x00 0x3c TLS1.2
2304 TLS_RSA_AES_256_CBC_SHA256 0x00 0x3d TLS1.2
2306 Available certificate types:
2310 Available protocols:
2328 Available MAC algorithms:
2338 Available key exchange methods:
2350 Available public key algorithms:
2354 Available public key signature algorithms:
2367 Available compression methods:
2371 Some additional information regarding some of the algorithms:
2374 RSA is public key cryptosystem designed by Ronald Rivest, Adi
2375 Shamir and Leonard Adleman. It can be used with any hash
2379 DSA is the USA's Digital Signature Standard. It uses only the
2380 SHA-1 hash algorithm.
2383 MD2 is a cryptographic hash algorithm designed by Ron Rivest. It
2384 is optimized for 8-bit processors. Outputs 128 bits of data.
2385 There are several known weaknesses of this algorithm and it should
2389 MD5 is a cryptographic hash algorithm designed by Ron Rivest.
2390 Outputs 128 bits of data. It is considered to be broken.
2393 SHA is a cryptographic hash algorithm designed by NSA. Outputs 160
2394 bits of data. It is also considered to be broken, though no
2395 practical attacks have been found.
2398 RIPEMD is a cryptographic hash algorithm developed in the framework
2399 of the EU project RIPE. Outputs 160 bits of data.
2402 File: gnutls.info, Node: Guile Bindings, Next: Internal architecture of GnuTLS, Prev: All the supported ciphersuites in GnuTLS, Up: Top
2407 This chapter describes the GNU Guile
2408 (http://www.gnu.org/software/guile/) Scheme programming interface to
2409 GnuTLS. The reader is assumed to have basic knowledge of the protocol
2410 and library. Details missing from this chapter may be found in *note
2411 the C API reference: Function reference.
2413 At this stage, not all the C functions are available from Scheme, but a
2414 large subset thereof is available.
2418 * Guile Preparations:: Note on installation and environment.
2419 * Guile API Conventions:: Naming conventions and other idiosyncrasies.
2420 * Guile Examples:: Quick start.
2421 * Guile Reference:: The Scheme GnuTLS programming interface.
2424 File: gnutls.info, Node: Guile Preparations, Next: Guile API Conventions, Up: Guile Bindings
2426 11.1 Guile Preparations
2427 =======================
2429 The GnuTLS Guile bindings are by default installed under the GnuTLS
2430 installation directory (e.g., typically '/usr/local/share/guile/site/').
2431 Normally Guile will not find the module there without help. You may
2432 experience something like this:
2435 guile> (use-modules (gnutls))
2436 <unnamed port>: no code for module (gnutls)
2439 There are two ways to solve this. The first is to make sure that when
2440 building GnuTLS, the Guile bindings will be installed in the same place
2441 where Guile looks. You may do this by using the '--with-guile-site-dir'
2442 parameter as follows:
2444 $ ./configure --with-guile-site-dir=no
2446 This will instruct GnuTLS to attempt to install the Guile bindings where
2447 Guile will look for them. It will use 'guile-config info pkgdatadir' to
2448 learn the path to use.
2450 If Guile was installed into '/usr', you may also install GnuTLS using
2453 $ ./configure --prefix=/usr
2455 If you want to specify the path to install the Guile bindings you can
2456 also specify the path directly:
2458 $ ./configure --with-guile-site-dir=/opt/guile/share/guile/site
2460 The second solution requires some more work but may be easier to use if
2461 you do not have system administrator rights to your machine. You need
2462 to instruct Guile so that it finds the GnuTLS Guile bindings. Either
2463 use the 'GUILE_LOAD_PATH' environment variable as follows:
2465 $ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile
2466 guile> (use-modules (gnutls))
2469 Alternatively, you can modify Guile's '%load-path' variable (*note
2470 Guile's run-time options: (guile)Build Config.).
2472 At this point, you might get an error regarding 'libguile-gnutls-v-0'
2475 gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "libguile-gnutls-v-0" "scm_init_gnutls"):
2476 gnutls.scm:361:1: file: "libguile-gnutls-v-0", message: "libguile-gnutls-v-0.so: cannot open shared object file: No such file or directory"
2478 In this case, you will need to modify the run-time linker path, for
2481 $ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile
2482 guile> (use-modules (gnutls))
2485 To check that you got the intended GnuTLS library version, you may print
2486 the version number of the loaded library as follows:
2489 guile> (use-modules (gnutls))
2490 guile> (gnutls-version)
2495 File: gnutls.info, Node: Guile API Conventions, Next: Guile Examples, Prev: Guile Preparations, Up: Guile Bindings
2497 11.2 Guile API Conventions
2498 ==========================
2500 This chapter details the conventions used by Guile API, as well as
2501 specificities of the mapping of the C API to Scheme.
2505 * Enumerates and Constants:: Representation of C-side constants.
2506 * Procedure Names:: Naming conventions.
2507 * Representation of Binary Data:: Binary data buffers.
2508 * Input and Output:: Input and output.
2509 * Exception Handling:: Exceptions.
2512 File: gnutls.info, Node: Enumerates and Constants, Next: Procedure Names, Up: Guile API Conventions
2514 11.2.1 Enumerates and Constants
2515 -------------------------------
2517 Lots of enumerates and constants are used in the GnuTLS C API. For each
2518 C enumerate type, a disjoint Scheme type is used--thus, enumerate values
2519 and constants are not represented by Scheme symbols nor by integers.
2520 This makes it impossible to use an enumerate value of the wrong type on
2521 the Scheme side: such errors are automatically detected by
2524 The enumerate values are bound to variables exported by the '(gnutls)'
2525 and '(gnutls extra)' modules. These variables are named according to
2526 the following convention:
2528 * All variable names are lower-case; the underscore '_' character
2529 used in the C API is replaced by hyphen '-'.
2530 * All variable names are prepended by the name of the enumerate type
2531 and the slash '/' character.
2532 * In some cases, the variable name is made more explicit than the one
2533 of the C API, e.g., by avoid abbreviations.
2535 Consider for instance this C-side enumerate:
2539 GNUTLS_CRD_CERTIFICATE = 1,
2544 } gnutls_credentials_type_t;
2546 The corresponding Scheme values are bound to the following variables
2547 exported by the '(gnutls)' module:
2549 credentials/certificate
2550 credentials/anonymous
2555 Hopefully, most variable names can be deduced from this convention.
2557 Scheme-side "enumerate" values can be compared using 'eq?' (*note
2558 equality predicates: (guile)Equality.). Consider the following example:
2560 (let ((session (make-session connection-end/client)))
2566 ;; Check the ciphering algorithm currently used by SESSION.
2567 (if (eq? cipher/arcfour (session-cipher session))
2568 (format #t "We're using the ARCFOUR algorithm")))
2570 In addition, all enumerate values can be converted to a human-readable
2571 string, in a type-specific way. For instance, '(cipher->string
2572 cipher/arcfour)' yields '"ARCFOUR 128"', while '(key-usage->string
2573 key-usage/digital-signature)' yields '"digital-signature"'. Note that
2574 these strings may not be sufficient for use in a user interface since
2575 they are fairly concise and not internationalized.
2578 File: gnutls.info, Node: Procedure Names, Next: Representation of Binary Data, Prev: Enumerates and Constants, Up: Guile API Conventions
2580 11.2.2 Procedure Names
2581 ----------------------
2583 Unlike C functions in GnuTLS, the corresponding Scheme procedures are
2584 named in a way that is close to natural English. Abbreviations are also
2585 avoided. For instance, the Scheme procedure corresponding to
2586 'gnutls_certificate_set_dh_params' is named
2587 'set-certificate-credentials-dh-parameters!'. The 'gnutls_' prefix is
2588 always omitted from variable names since a similar effect can be
2589 achieved using Guile's nifty binding renaming facilities, should it be
2590 needed (*note (guile)Using Guile Modules::).
2592 Often Scheme procedure names differ from C function names in a way that
2593 makes it clearer what objects they operate on. For example, the Scheme
2594 procedure named 'set-session-transport-port!' corresponds to
2595 'gnutls_transport_set_ptr', making it clear that this procedure applies
2599 File: gnutls.info, Node: Representation of Binary Data, Next: Input and Output, Prev: Procedure Names, Up: Guile API Conventions
2601 11.2.3 Representation of Binary Data
2602 ------------------------------------
2604 Many procedures operate on binary data. For instance,
2605 'pkcs3-import-dh-parameters' expects binary data as input and,
2606 similarly, procedures like 'pkcs1-export-rsa-parameters' return binary
2609 Binary data is represented on the Scheme side using SRFI-4 homogeneous
2610 vectors (*note (guile)SRFI-4::). Although any type of homogeneous
2611 vector may be used, 'u8vector's (i.e., vectors of bytes) are highly
2614 As an example, generating and then exporting RSA parameters in the PEM
2615 format can be done as follows:
2617 (let* ((rsa-params (make-rsa-parameters 1024))
2619 (pkcs1-export-rsa-parameters rsa-params
2620 x509-certificate-format/pem)))
2621 (uniform-vector-write raw-data (open-output-file "some-file.pem")))
2623 For an example of OpenPGP key import from a file, see *note Importing
2624 OpenPGP Keys Guile Example::.
2627 File: gnutls.info, Node: Input and Output, Next: Exception Handling, Prev: Representation of Binary Data, Up: Guile API Conventions
2629 11.2.4 Input and Output
2630 -----------------------
2632 The underlying transport of a TLS session can be any Scheme input/output
2633 port (*note (guile)Ports and File Descriptors::). This has to be
2634 specified using 'set-session-transport-port!'.
2636 However, for better performance, a raw file descriptor can be specified,
2637 using 'set-session-transport-fd!'. For instance, if the transport layer
2638 is a socket port over an OS-provided socket, you can use the
2639 'port->fdes' or 'fileno' procedure to obtain the underlying file
2640 descriptor and pass it to 'set-session-transport-fd!' (*note
2641 'port->fdes' and 'fileno': (guile)Ports and File Descriptors.). This
2642 would work as follows:
2644 (let ((socket (socket PF_INET SOCK_STREAM 0))
2645 (session (make-session connection-end/client)))
2648 ;; Establish a TCP connection...
2651 ;; Use the file descriptor that underlies SOCKET.
2652 (set-session-transport-fd! session (fileno socket)))
2654 Once a TLS session is established, data can be communicated through it
2655 (i.e., _via_ the TLS record layer) using the port returned by
2656 'session-record-port':
2658 (let ((session (make-session connection-end/client)))
2661 ;; Initialize the various parameters of SESSION, set up
2662 ;; a network connection, etc...
2665 (let ((i/o (session-record-port session)))
2666 (write "Hello peer!" i/o)
2667 (let ((greetings (read i/o)))
2671 (bye session close-request/rdwr))))
2673 A lower-level I/O API is provided by 'record-send' and 'record-receive!'
2674 which take an SRFI-4 vector to represent the data sent or received.
2675 While it might improve performance, it is much less convenient than the
2676 above and should rarely be needed.
2679 File: gnutls.info, Node: Exception Handling, Prev: Input and Output, Up: Guile API Conventions
2681 11.2.5 Exception Handling
2682 -------------------------
2684 GnuTLS errors are implemented as Scheme exceptions (*note exceptions in
2685 Guile: (guile)Exceptions.). Each time a GnuTLS function returns an
2686 error, an exception with key 'gnutls-error' is raised. The additional
2687 arguments that are thrown include an error code and the name of the
2688 GnuTLS procedure that raised the exception. The error code is pretty
2689 much like an enumerate value: it is one of the 'error/' variables
2690 exported by the '(gnutls)' module (*note Enumerates and Constants::).
2691 Exceptions can be turned into error messages using the 'error->string'
2694 The following examples illustrates how GnuTLS exceptions can be handled:
2696 (let ((session (make-session connection-end/server)))
2702 (catch 'gnutls-error
2704 (handshake session))
2705 (lambda (key err function . currently-unused)
2706 (format (current-error-port)
2707 "a GnuTLS error was raised by `~a': ~a~%"
2708 function (error->string err)))))
2710 Again, error values can be compared using 'eq?':
2712 ;; `gnutls-error' handler.
2713 (lambda (key err function . currently-unused)
2714 (if (eq? err error/fatal-alert-received)
2715 (format (current-error-port)
2716 "a fatal alert was caught!~%")
2717 (format (current-error-port)
2718 "something bad happened: ~a~%"
2719 (error->string err))))
2721 Note that the 'catch' handler is currently passed only 3 arguments but
2722 future versions might provide it with additional arguments. Thus, it
2723 must be prepared to handle more than 3 arguments, as in this example.
2726 File: gnutls.info, Node: Guile Examples, Next: Guile Reference, Prev: Guile API Conventions, Up: Guile Bindings
2731 This chapter provides examples that illustrate common use cases.
2735 * Anonymous Authentication Guile Example:: Simplest client and server.
2736 * OpenPGP Authentication Guile Example:: Using OpenPGP-based authentication.
2737 * Importing OpenPGP Keys Guile Example:: Importing keys from files.
2740 File: gnutls.info, Node: Anonymous Authentication Guile Example, Next: OpenPGP Authentication Guile Example, Up: Guile Examples
2742 11.3.1 Anonymous Authentication Guile Example
2743 ---------------------------------------------
2745 "Anonymous authentication" is very easy to use. No certificates are
2746 needed by the communicating parties. Yet, it allows them to benefit
2747 from end-to-end encryption and integrity checks.
2749 The client-side code would look like this (assuming SOME-SOCKET is bound
2750 to an open socket port):
2754 (let ((client (make-session connection-end/client)))
2755 ;; Use the default settings.
2756 (set-session-default-priority! client)
2758 ;; Don't use certificate-based authentication.
2759 (set-session-certificate-type-priority! client '())
2761 ;; Request the "anonymous Diffie-Hellman" key exchange method.
2762 (set-session-kx-priority! client (list kx/anon-dh))
2764 ;; Specify the underlying socket.
2765 (set-session-transport-fd! client (fileno some-socket))
2767 ;; Create anonymous credentials.
2768 (set-session-credentials! client
2769 (make-anonymous-client-credentials))
2771 ;; Perform the TLS handshake with the server.
2774 ;; Send data over the TLS record layer.
2775 (write "hello, world!" (session-record-port client))
2777 ;; Terminate the TLS session.
2778 (bye client close-request/rdwr))
2780 The corresponding server would look like this (again, assuming
2781 SOME-SOCKET is bound to a socket port):
2785 (let ((server (make-session connection-end/server)))
2786 (set-session-default-priority! server)
2787 (set-session-certificate-type-priority! server '())
2788 (set-session-kx-priority! server (list kx/anon-dh))
2790 ;; Specify the underlying transport socket.
2791 (set-session-transport-fd! server (fileno some-socket))
2793 ;; Create anonymous credentials.
2794 (let ((cred (make-anonymous-server-credentials))
2795 (dh-params (make-dh-parameters 1024)))
2796 ;; Note: DH parameter generation can take some time.
2797 (set-anonymous-server-dh-parameters! cred dh-params)
2798 (set-session-credentials! server cred))
2800 ;; Perform the TLS handshake with the client.
2803 ;; Receive data over the TLS record layer.
2804 (let ((message (read (session-record-port server))))
2805 (format #t "received the following message: ~a~%"
2808 (bye server close-request/rdwr)))
2813 File: gnutls.info, Node: OpenPGP Authentication Guile Example, Next: Importing OpenPGP Keys Guile Example, Prev: Anonymous Authentication Guile Example, Up: Guile Examples
2815 11.3.2 OpenPGP Authentication Guile Example
2816 -------------------------------------------
2818 GnuTLS allows users to authenticate using OpenPGP certificates. The
2819 relevant procedures are provided by the '(gnutls extra)' module. Using
2820 OpenPGP-based authentication is not more complicated than using
2821 anonymous authentication. It requires a bit of extra work, though, to
2822 import the OpenPGP public and private key of the client/server. Key
2823 import is omitted here and is left as an exercise to the reader (*note
2824 Importing OpenPGP Keys Guile Example::).
2826 Assuming SOME-SOCKET is bound to an open socket port and PUB and SEC are
2827 bound to the client's OpenPGP public and secret key, respectively,
2828 client-side code would look like this:
2832 (define %certs (list certificate-type/openpgp))
2834 (let ((client (make-session connection-end/client))
2835 (cred (make-certificate-credentials)))
2836 (set-session-default-priority! client)
2838 ;; Choose OpenPGP certificates.
2839 (set-session-certificate-type-priority! client %certs)
2841 ;; Prepare appropriate client credentials.
2842 (set-certificate-credentials-openpgp-keys! cred pub sec)
2843 (set-session-credentials! client cred)
2845 ;; Specify the underlying transport socket.
2846 (set-session-transport-fd! client (fileno some-socket))
2849 (write "hello, world!" (session-record-port client))
2850 (bye client close-request/rdwr))
2852 Similarly, server-side code would be along these lines:
2856 (define %certs (list certificate-type/openpgp))
2858 (let ((server (make-session connection-end/server))
2859 (rsa (make-rsa-parameters 1024))
2860 (dh (make-dh-parameters 1024)))
2861 (set-session-default-priority! server)
2863 ;; Choose OpenPGP certificates.
2864 (set-session-certificate-type-priority! server %certs)
2866 (let ((cred (make-certificate-credentials)))
2867 ;; Prepare credentials with RSA and Diffie-Hellman parameters.
2868 (set-certificate-credentials-dh-parameters! cred dh)
2869 (set-certificate-credentials-rsa-export-parameters! cred rsa)
2870 (set-certificate-credentials-openpgp-keys! cred pub sec)
2871 (set-session-credentials! server cred))
2873 (set-session-transport-fd! server (fileno some-socket))
2876 (let ((msg (read (session-record-port server))))
2877 (format #t "received: ~a~%" msg)
2879 (bye server close-request/rdwr)))
2881 In practice, generating RSA parameters (and Diffie-Hellman parameters)
2882 can time a long time. Thus, you may want to generate them once and
2883 store them in a file for future re-use (*note
2884 'pkcs1-export-rsa-parameters' and 'pkcs1-import-rsa-parameters': Core
2888 File: gnutls.info, Node: Importing OpenPGP Keys Guile Example, Prev: OpenPGP Authentication Guile Example, Up: Guile Examples
2890 11.3.3 Importing OpenPGP Keys Guile Example
2891 -------------------------------------------
2893 The following example provides a simple way of importing "ASCII-armored"
2894 OpenPGP keys from files, using the 'import-openpgp-certificate' and
2895 'import-openpgp-private-key' procedures provided by the '(gnutls extra)'
2898 (use-modules (srfi srfi-4)
2901 (define (import-key-from-file import-proc file)
2902 ;; Import OpenPGP key from FILE using IMPORT-PROC.
2904 ;; Prepare a u8vector large enough to hold the raw
2906 (let* ((size (stat:size (stat path)))
2907 (raw (make-u8vector size)))
2909 ;; Fill in the u8vector with the contents of FILE.
2910 (uniform-vector-read! raw (open-input-file file))
2912 ;; Pass the u8vector to the import procedure.
2913 (import-proc raw openpgp-certificate-format/base64)))
2916 (define (import-public-key-from-file file)
2917 (import-key-from-file import-openpgp-certificate file))
2919 (define (import-private-key-from-file file)
2920 (import-key-from-file import-openpgp-private-key file))
2922 The procedures 'import-public-key-from-file' and
2923 'import-private-key-from-file' can be passed a file name. They return
2924 an OpenPGP public key and private key object, respectively (*note
2925 OpenPGP key objects: Extra Interface.).
2928 File: gnutls.info, Node: Guile Reference, Prev: Guile Examples, Up: Guile Bindings
2930 11.4 Guile Reference
2931 ====================
2933 This chapter documents GnuTLS Scheme procedures available to Guile
2938 * Core Interface:: Bindings for core GnuTLS.
2939 * Extra Interface:: Bindings for GnuTLS-Extra.
2942 File: gnutls.info, Node: Core Interface, Next: Extra Interface, Up: Guile Reference
2944 11.4.1 Core Interface
2945 ---------------------
2947 This section lists the Scheme procedures exported by the '(gnutls)'
2948 module (*note (guile)The Guile module system::). This module is
2949 licenced under the GNU Lesser General Public Licence, version 2.1 or
2952 -- Scheme Procedure: set-log-level! level
2953 Enable GnuTLS logging up to LEVEL (an integer).
2955 -- Scheme Procedure: set-log-procedure! proc
2956 Use PROC (a two-argument procedure) as the global GnuTLS log
2959 -- Scheme Procedure: x509-certificate-subject-alternative-name cert
2961 Return two values: the alternative name type for CERT (i.e., one of
2962 the 'x509-subject-alternative-name/' values) and the actual subject
2963 alternative name (a string) at INDEX. Both values are '#f' if no
2964 alternative name is available at INDEX.
2966 -- Scheme Procedure: x509-certificate-subject-key-id cert
2967 Return the subject key ID (a u8vector) for CERT.
2969 -- Scheme Procedure: x509-certificate-authority-key-id cert
2970 Return the key ID (a u8vector) of the X.509 certificate authority
2973 -- Scheme Procedure: x509-certificate-key-id cert
2974 Return a statistically unique ID (a u8vector) for CERT that depends
2975 on its public key parameters. This is normally a 20-byte SHA-1
2978 -- Scheme Procedure: x509-certificate-version cert
2979 Return the version of CERT.
2981 -- Scheme Procedure: x509-certificate-key-usage cert
2982 Return the key usage of CERT (i.e., a list of 'key-usage/' values),
2983 or the empty list if CERT does not contain such information.
2985 -- Scheme Procedure: x509-certificate-public-key-algorithm cert
2986 Return two values: the public key algorithm (i.e., one of the
2987 'pk-algorithm/' values) of CERT and the number of bits used.
2989 -- Scheme Procedure: x509-certificate-signature-algorithm cert
2990 Return the signature algorithm used by CERT (i.e., one of the
2991 'sign-algorithm/' values).
2993 -- Scheme Procedure: x509-certificate-matches-hostname? cert hostname
2994 Return true if CERT matches HOSTNAME, a string denoting a DNS host
2995 name. This is the basic implementation of RFC 2818
2996 (http://tools.ietf.org/html/rfc2818) (aka. HTTPS).
2998 -- Scheme Procedure: x509-certificate-issuer-dn-oid cert index
2999 Return the OID (a string) at INDEX from CERT's issuer DN. Return
3000 '#f' if no OID is available at INDEX.
3002 -- Scheme Procedure: x509-certificate-dn-oid cert index
3003 Return OID (a string) at INDEX from CERT. Return '#f' if no OID is
3006 -- Scheme Procedure: x509-certificate-issuer-dn cert
3007 Return the distinguished name (DN) of X.509 certificate CERT.
3009 -- Scheme Procedure: x509-certificate-dn cert
3010 Return the distinguished name (DN) of X.509 certificate CERT. The
3011 form of the DN is as described in RFC 2253
3012 (http://tools.ietf.org/html/rfc2253).
3014 -- Scheme Procedure: pkcs8-import-x509-private-key data format [pass
3016 Return a new X.509 private key object resulting from the import of
3017 DATA (a uniform array) according to FORMAT. Optionally, if PASS is
3018 not '#f', it should be a string denoting a passphrase. ENCRYPTED
3019 tells whether the private key is encrypted ('#t' by default).
3021 -- Scheme Procedure: import-x509-private-key data format
3022 Return a new X.509 private key object resulting from the import of
3023 DATA (a uniform array) according to FORMAT.
3025 -- Scheme Procedure: import-x509-certificate data format
3026 Return a new X.509 certificate object resulting from the import of
3027 DATA (a uniform array) according to FORMAT.
3029 -- Scheme Procedure: server-session-psk-username session
3030 Return the username associated with PSK server session SESSION.
3032 -- Scheme Procedure: set-psk-client-credentials! cred username key
3034 Set the client credentials for CRED, a PSK client credentials
3037 -- Scheme Procedure: make-psk-client-credentials
3038 Return a new PSK client credentials object.
3040 -- Scheme Procedure: set-psk-server-credentials-file! cred file
3041 Use FILE as the password file for PSK server credentials CRED.
3043 -- Scheme Procedure: make-psk-server-credentials
3044 Return new PSK server credentials.
3046 -- Scheme Procedure: peer-certificate-status session
3047 Verify the peer certificate for SESSION and return a list of
3048 'certificate-status' values (such as 'certificate-status/revoked'),
3049 or the empty list if the certificate is valid.
3051 -- Scheme Procedure: set-certificate-credentials-verify-flags! cred
3053 Set the certificate verification flags to FLAGS, a series of
3054 'certificate-verify' values.
3056 -- Scheme Procedure: set-certificate-credentials-verify-limits! cred
3058 Set the verification limits of 'peer-certificate-status' for
3059 certificate credentials CRED to MAX_BITS bits for an acceptable
3060 certificate and MAX_DEPTH as the maximum depth of a certificate
3063 -- Scheme Procedure: set-certificate-credentials-x509-keys! cred certs
3065 Have certificate credentials CRED use the X.509 certificates listed
3066 in CERTS and X.509 private key PRIVKEY.
3068 -- Scheme Procedure: set-certificate-credentials-x509-key-data! cred
3070 Use X.509 certificate CERT and private key KEY, both uniform arrays
3071 containing the X.509 certificate and key in format FORMAT, for
3072 certificate credentials CRED.
3074 -- Scheme Procedure: set-certificate-credentials-x509-crl-data! cred
3076 Use DATA (a uniform array) as the X.509 CRL (certificate revocation
3077 list) database for CRED. On success, return the number of CRLs
3080 -- Scheme Procedure: set-certificate-credentials-x509-trust-data! cred
3082 Use DATA (a uniform array) as the X.509 trust database for CRED.
3083 On success, return the number of certificates processed.
3085 -- Scheme Procedure: set-certificate-credentials-x509-crl-file! cred
3087 Use FILE as the X.509 CRL (certificate revocation list) file for
3088 certificate credentials CRED. On success, return the number of
3091 -- Scheme Procedure: set-certificate-credentials-x509-trust-file! cred
3093 Use FILE as the X.509 trust file for certificate credentials CRED.
3094 On success, return the number of certificates processed.
3096 -- Scheme Procedure: set-certificate-credentials-x509-key-files! cred
3097 cert-file key-file format
3098 Use FILE as the password file for PSK server credentials CRED.
3100 -- Scheme Procedure: set-certificate-credentials-rsa-export-parameters!
3102 Use RSA parameters RSA_PARAMS for certificate credentials CRED.
3104 -- Scheme Procedure: set-certificate-credentials-dh-parameters! cred
3106 Use Diffie-Hellman parameters DH_PARAMS for certificate credentials
3109 -- Scheme Procedure: make-certificate-credentials
3110 Return new certificate credentials (i.e., for use with either X.509
3111 or OpenPGP certificates.
3113 -- Scheme Procedure: pkcs1-export-rsa-parameters rsa-params format
3114 Export Diffie-Hellman parameters RSA_PARAMS in PKCS1 format
3115 according for FORMAT (an 'x509-certificate-format' value). Return
3116 a 'u8vector' containing the result.
3118 -- Scheme Procedure: pkcs1-import-rsa-parameters array format
3119 Import Diffie-Hellman parameters in PKCS1 format (further specified
3120 by FORMAT, an 'x509-certificate-format' value) from ARRAY (a
3121 homogeneous array) and return a new 'rsa-params' object.
3123 -- Scheme Procedure: make-rsa-parameters bits
3124 Return new RSA parameters.
3126 -- Scheme Procedure: set-anonymous-server-dh-parameters! cred dh-params
3127 Set the Diffie-Hellman parameters of anonymous server credentials
3130 -- Scheme Procedure: make-anonymous-client-credentials
3131 Return anonymous client credentials.
3133 -- Scheme Procedure: make-anonymous-server-credentials
3134 Return anonymous server credentials.
3136 -- Scheme Procedure: set-session-dh-prime-bits! session bits
3137 Use BITS DH prime bits for SESSION.
3139 -- Scheme Procedure: pkcs3-export-dh-parameters dh-params format
3140 Export Diffie-Hellman parameters DH_PARAMS in PKCS3 format
3141 according for FORMAT (an 'x509-certificate-format' value). Return
3142 a 'u8vector' containing the result.
3144 -- Scheme Procedure: pkcs3-import-dh-parameters array format
3145 Import Diffie-Hellman parameters in PKCS3 format (further specified
3146 by FORMAT, an 'x509-certificate-format' value) from ARRAY (a
3147 homogeneous array) and return a new 'dh-params' object.
3149 -- Scheme Procedure: make-dh-parameters bits
3150 Return new Diffie-Hellman parameters.
3152 -- Scheme Procedure: set-session-transport-port! session port
3153 Use PORT as the input/output port for SESSION.
3155 -- Scheme Procedure: set-session-transport-fd! session fd
3156 Use file descriptor FD as the underlying transport for SESSION.
3158 -- Scheme Procedure: session-record-port session
3159 Return a read-write port that may be used to communicate over
3160 SESSION. All invocations of 'session-port' on a given session
3161 return the same object (in the sense of 'eq?').
3163 -- Scheme Procedure: record-receive! session array
3164 Receive data from SESSION into ARRAY, a uniform homogeneous array.
3165 Return the number of bytes actually received.
3167 -- Scheme Procedure: record-send session array
3168 Send the record constituted by ARRAY through SESSION.
3170 -- Scheme Procedure: set-session-credentials! session cred
3171 Use CRED as SESSION's credentials.
3173 -- Scheme Procedure: cipher-suite->string kx cipher mac
3174 Return the name of the given cipher suite.
3176 -- Scheme Procedure: set-session-default-export-priority! session
3177 Have SESSION use the default export priorities.
3179 -- Scheme Procedure: set-session-default-priority! session
3180 Have SESSION use the default priorities.
3182 -- Scheme Procedure: set-session-certificate-type-priority! session
3184 Use ITEMS (a list) as the list of preferred certificate-type for
3187 -- Scheme Procedure: set-session-protocol-priority! session items
3188 Use ITEMS (a list) as the list of preferred protocol for SESSION.
3190 -- Scheme Procedure: set-session-kx-priority! session items
3191 Use ITEMS (a list) as the list of preferred kx for SESSION.
3193 -- Scheme Procedure: set-session-compression-method-priority! session
3195 Use ITEMS (a list) as the list of preferred compression-method for
3198 -- Scheme Procedure: set-session-mac-priority! session items
3199 Use ITEMS (a list) as the list of preferred mac for SESSION.
3201 -- Scheme Procedure: set-session-cipher-priority! session items
3202 Use ITEMS (a list) as the list of preferred cipher for SESSION.
3204 -- Scheme Procedure: set-server-session-certificate-request! session
3206 Tell how SESSION, a server-side session, should deal with
3207 certificate requests. REQUEST should be either
3208 'certificate-request/request' or 'certificate-request/require'.
3210 -- Scheme Procedure: session-our-certificate-chain session
3211 Return our certificate chain for SESSION (as sent to the peer) in
3212 raw format (a u8vector). In the case of OpenPGP there is exactly
3213 one certificate. Return the empty list if no certificate was used.
3215 -- Scheme Procedure: session-peer-certificate-chain session
3216 Return the a list of certificates in raw format (u8vectors) where
3217 the first one is the peer's certificate. In the case of OpenPGP,
3218 there is always exactly one certificate. In the case of X.509,
3219 subsequent certificates indicate form a certificate chain. Return
3220 the empty list if no certificate was sent.
3222 -- Scheme Procedure: session-client-authentication-type session
3223 Return the client authentication type (a 'credential-type' value)
3226 -- Scheme Procedure: session-server-authentication-type session
3227 Return the server authentication type (a 'credential-type' value)
3230 -- Scheme Procedure: session-authentication-type session
3231 Return the authentication type (a 'credential-type' value) used by
3234 -- Scheme Procedure: session-protocol session
3235 Return the protocol used by SESSION.
3237 -- Scheme Procedure: session-certificate-type session
3238 Return SESSION's certificate type.
3240 -- Scheme Procedure: session-compression-method session
3241 Return SESSION's compression method.
3243 -- Scheme Procedure: session-mac session
3244 Return SESSION's MAC.
3246 -- Scheme Procedure: session-kx session
3247 Return SESSION's kx.
3249 -- Scheme Procedure: session-cipher session
3250 Return SESSION's cipher.
3252 -- Scheme Procedure: alert-send session level alert
3253 Send ALERT via SESSION.
3255 -- Scheme Procedure: alert-get session
3256 Get an aleter from SESSION.
3258 -- Scheme Procedure: rehandshake session
3259 Perform a re-handshaking for SESSION.
3261 -- Scheme Procedure: handshake session
3262 Perform a handshake for SESSION.
3264 -- Scheme Procedure: bye session how
3265 Close SESSION according to HOW.
3267 -- Scheme Procedure: make-session end
3268 Return a new session for connection end END, either
3269 'connection-end/server' or 'connection-end/client'.
3271 -- Scheme Procedure: gnutls-version
3272 Return a string denoting the version number of the underlying
3273 GnuTLS library, e.g., '"1.7.2"'.
3275 -- Scheme Procedure: x509-private-key? obj
3276 Return true if OBJ is of type 'x509-private-key'.
3278 -- Scheme Procedure: x509-certificate? obj
3279 Return true if OBJ is of type 'x509-certificate'.
3281 -- Scheme Procedure: psk-client-credentials? obj
3282 Return true if OBJ is of type 'psk-client-credentials'.
3284 -- Scheme Procedure: psk-server-credentials? obj
3285 Return true if OBJ is of type 'psk-server-credentials'.
3287 -- Scheme Procedure: srp-client-credentials? obj
3288 Return true if OBJ is of type 'srp-client-credentials'.
3290 -- Scheme Procedure: srp-server-credentials? obj
3291 Return true if OBJ is of type 'srp-server-credentials'.
3293 -- Scheme Procedure: certificate-credentials? obj
3294 Return true if OBJ is of type 'certificate-credentials'.
3296 -- Scheme Procedure: rsa-parameters? obj
3297 Return true if OBJ is of type 'rsa-parameters'.
3299 -- Scheme Procedure: dh-parameters? obj
3300 Return true if OBJ is of type 'dh-parameters'.
3302 -- Scheme Procedure: anonymous-server-credentials? obj
3303 Return true if OBJ is of type 'anonymous-server-credentials'.
3305 -- Scheme Procedure: anonymous-client-credentials? obj
3306 Return true if OBJ is of type 'anonymous-client-credentials'.
3308 -- Scheme Procedure: session? obj
3309 Return true if OBJ is of type 'session'.
3311 -- Scheme Procedure: error->string enumval
3312 Return a string describing ENUMVAL, a 'error' value.
3314 -- Scheme Procedure: certificate-verify->string enumval
3315 Return a string describing ENUMVAL, a 'certificate-verify' value.
3317 -- Scheme Procedure: key-usage->string enumval
3318 Return a string describing ENUMVAL, a 'key-usage' value.
3320 -- Scheme Procedure: psk-key-format->string enumval
3321 Return a string describing ENUMVAL, a 'psk-key-format' value.
3323 -- Scheme Procedure: sign-algorithm->string enumval
3324 Return a string describing ENUMVAL, a 'sign-algorithm' value.
3326 -- Scheme Procedure: pk-algorithm->string enumval
3327 Return a string describing ENUMVAL, a 'pk-algorithm' value.
3329 -- Scheme Procedure: x509-subject-alternative-name->string enumval
3330 Return a string describing ENUMVAL, a
3331 'x509-subject-alternative-name' value.
3333 -- Scheme Procedure: x509-certificate-format->string enumval
3334 Return a string describing ENUMVAL, a 'x509-certificate-format'
3337 -- Scheme Procedure: certificate-type->string enumval
3338 Return a string describing ENUMVAL, a 'certificate-type' value.
3340 -- Scheme Procedure: protocol->string enumval
3341 Return a string describing ENUMVAL, a 'protocol' value.
3343 -- Scheme Procedure: close-request->string enumval
3344 Return a string describing ENUMVAL, a 'close-request' value.
3346 -- Scheme Procedure: certificate-request->string enumval
3347 Return a string describing ENUMVAL, a 'certificate-request' value.
3349 -- Scheme Procedure: certificate-status->string enumval
3350 Return a string describing ENUMVAL, a 'certificate-status' value.
3352 -- Scheme Procedure: handshake-description->string enumval
3353 Return a string describing ENUMVAL, a 'handshake-description'
3356 -- Scheme Procedure: alert-description->string enumval
3357 Return a string describing ENUMVAL, a 'alert-description' value.
3359 -- Scheme Procedure: alert-level->string enumval
3360 Return a string describing ENUMVAL, a 'alert-level' value.
3362 -- Scheme Procedure: connection-end->string enumval
3363 Return a string describing ENUMVAL, a 'connection-end' value.
3365 -- Scheme Procedure: compression-method->string enumval
3366 Return a string describing ENUMVAL, a 'compression-method' value.
3368 -- Scheme Procedure: digest->string enumval
3369 Return a string describing ENUMVAL, a 'digest' value.
3371 -- Scheme Procedure: mac->string enumval
3372 Return a string describing ENUMVAL, a 'mac' value.
3374 -- Scheme Procedure: credentials->string enumval
3375 Return a string describing ENUMVAL, a 'credentials' value.
3377 -- Scheme Procedure: params->string enumval
3378 Return a string describing ENUMVAL, a 'params' value.
3380 -- Scheme Procedure: kx->string enumval
3381 Return a string describing ENUMVAL, a 'kx' value.
3383 -- Scheme Procedure: cipher->string enumval
3384 Return a string describing ENUMVAL, a 'cipher' value.
3387 File: gnutls.info, Node: Extra Interface, Prev: Core Interface, Up: Guile Reference
3389 11.4.2 Extra Interface
3390 ----------------------
3392 This section lists the Scheme procedures exported by the '(gnutls
3393 extra)' module. This module is licenced under the GNU General Public
3394 Licence, version 3 or later.
3396 -- Scheme Procedure: set-certificate-credentials-openpgp-keys! cred pub
3398 Use certificate PUB and secret key SEC in certificate credentials
3401 -- Scheme Procedure: openpgp-keyring-contains-key-id? keyring id
3402 Return '#f' if key ID ID is in KEYRING, '#f' otherwise.
3404 -- Scheme Procedure: import-openpgp-keyring data format
3405 Import DATA (a u8vector) according to FORMAT and return the
3408 -- Scheme Procedure: openpgp-certificate-usage key
3409 Return a list of values denoting the key usage of KEY.
3411 -- Scheme Procedure: openpgp-certificate-version key
3412 Return the version of the OpenPGP message format (RFC2440) honored
3415 -- Scheme Procedure: openpgp-certificate-algorithm key
3416 Return two values: the certificate algorithm used by KEY and the
3417 number of bits used.
3419 -- Scheme Procedure: openpgp-certificate-names key
3420 Return the list of names for KEY.
3422 -- Scheme Procedure: openpgp-certificate-name key index
3423 Return the INDEXth name of KEY.
3425 -- Scheme Procedure: openpgp-certificate-fingerprint key
3426 Return a new u8vector denoting the fingerprint of KEY.
3428 -- Scheme Procedure: openpgp-certificate-fingerprint! key fpr
3429 Store in FPR (a u8vector) the fingerprint of KEY. Return the
3430 number of bytes stored in FPR.
3432 -- Scheme Procedure: openpgp-certificate-id! key id
3433 Store the ID (an 8 byte sequence) of certificate KEY in ID (a
3436 -- Scheme Procedure: openpgp-certificate-id key
3437 Return the ID (an 8-element u8vector) of certificate KEY.
3439 -- Scheme Procedure: import-openpgp-private-key data format [pass]
3440 Return a new OpenPGP private key object resulting from the import
3441 of DATA (a uniform array) according to FORMAT. Optionally, a
3442 passphrase may be provided.
3444 -- Scheme Procedure: import-openpgp-certificate data format
3445 Return a new OpenPGP certificate object resulting from the import
3446 of DATA (a uniform array) according to FORMAT.
3448 -- Scheme Procedure: openpgp-certificate-format->string enumval
3449 Return a string describing ENUMVAL, a 'openpgp-certificate-format'
3452 -- Scheme Procedure: openpgp-keyring? obj
3453 Return true if OBJ is of type 'openpgp-keyring'.
3455 -- Scheme Procedure: openpgp-private-key? obj
3456 Return true if OBJ is of type 'openpgp-private-key'.
3458 -- Scheme Procedure: openpgp-certificate? obj
3459 Return true if OBJ is of type 'openpgp-certificate'.
3462 File: gnutls.info, Node: Internal architecture of GnuTLS, Next: Copying Information, Prev: Guile Bindings, Up: Top
3464 12 Internal Architecture of GnuTLS
3465 **********************************
3467 This chapter is to give a brief description of the way GnuTLS works.
3468 The focus is to give an idea to potential developers and those who want
3469 to know what happens inside the black box.
3473 * The TLS Protocol::
3474 * TLS Handshake Protocol::
3475 * TLS Authentication Methods::
3476 * TLS Extension Handling::
3477 * Certificate Handling::
3478 * Cryptographic Backend::
3481 File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
3483 12.1 The TLS Protocol
3484 =====================
3486 The main needs for the TLS protocol to be used are shown in the image
3489 \0\b[image src="gnutls-client-server-use-case.png"
\0\b]
3491 This is being accomplished by the following object diagram. Note that
3492 since GnuTLS is being developed in C object are just structures with
3493 attributes. The operations listed are functions that require the first
3494 parameter to be that object.
\0\b[image src="gnutls-objects.png"
\0\b]
3497 File: gnutls.info, Node: TLS Handshake Protocol, Next: TLS Authentication Methods, Prev: The TLS Protocol, Up: Internal architecture of GnuTLS
3499 12.2 TLS Handshake Protocol
3500 ===========================
3502 The GnuTLS handshake protocol is implemented as a state machine that
3503 waits for input or returns immediately when the non-blocking transport
3504 layer functions are used. The main idea is shown in the following
3507 \0\b[image src="gnutls-handshake-state.png"
\0\b]
3509 Also the way the input is processed varies per ciphersuite. Several
3510 implementations of the internal handlers are available and *note
3511 gnutls_handshake:: only multiplexes the input to the appropriate
3512 handler. For example a PSK ciphersuite has a different implementation
3513 of the 'process_client_key_exchange' than a certificate ciphersuite.
3515 \0\b[image src="gnutls-handshake-sequence.png"
\0\b]
3518 File: gnutls.info, Node: TLS Authentication Methods, Next: TLS Extension Handling, Prev: TLS Handshake Protocol, Up: Internal architecture of GnuTLS
3520 12.3 TLS Authentication Methods
3521 ===============================
3523 In GnuTLS authentication methods can be implemented quite easily. Since
3524 the required changes to add a new authentication method affect only the
3525 handshake protocol, a simple interface is used. An authentication
3526 method needs only to implement the functions as seen in the figure
3529 \0\b[image src="gnutls-mod_auth_st.png"
\0\b]
3531 The functions that need to be implemented are the ones responsible for
3532 interpreting the handshake protocol messages. It is common for such
3533 functions to read data from one or more 'credentials_t' structures(1)
3534 and write data, such as certificates, usernames etc. to 'auth_info_t'
3537 Simple examples of existing authentication methods can be seen in
3538 'auth_psk.c' for PSK ciphersuites and 'auth_srp.c' for SRP ciphersuites.
3539 After implementing these functions the structure holding its pointers
3540 has to be registered in 'gnutls_algorithms.c' in the
3541 '_gnutls_kx_algorithms' structure.
3543 ---------- Footnotes ----------
3545 (1) such as the 'gnutls_certificate_credentials_t' structures
3548 File: gnutls.info, Node: TLS Extension Handling, Next: Certificate Handling, Prev: TLS Authentication Methods, Up: Internal architecture of GnuTLS
3550 12.4 TLS Extension Handling
3551 ===========================
3553 As with authentication methods, the TLS extensions handlers can be
3554 implemented using the following interface.
3556 \0\b[image src="gnutls-extensions_st.png"
\0\b]
3558 Here there are two functions, one for receiving the extension data and
3559 one for sending. These functions have to check internally whether they
3560 operate in client or server side.
3562 A simple example of an extension handler can be seen in 'ext_srp.c'
3563 After implementing these functions, together with the extension number
3564 they handle, they have to be registered in 'gnutls_extensions.c' in the
3565 '_gnutls_extensions' structure.
3567 12.4.1 Adding a New TLS Extension
3568 ---------------------------------
3570 Adding support for a new TLS extension is done from time to time, and
3571 the process to do so is not difficult. Here are the steps you need to
3572 follow if you wish to do this yourself. For sake of discussion, let's
3573 consider adding support for the hypothetical TLS extension 'foobar'.
3575 1. Add 'configure' option like '--enable-foobar' or
3578 This step is useful when the extension code is large and it might
3579 be desirable to disable the extension under some circumstances.
3580 Otherwise it can be safely skipped.
3582 Whether to chose enable or disable depends on whether you intend to
3583 make the extension be enabled by default. Look at existing checks
3584 (i.e., SRP, authz) for how to model the code. For example:
3586 AC_MSG_CHECKING([whether to disable foobar support])
3587 AC_ARG_ENABLE(foobar,
3588 AS_HELP_STRING([--disable-foobar],
3589 [disable foobar support]),
3590 ac_enable_foobar=no)
3591 if test x$ac_enable_foobar != xno; then
3593 AC_DEFINE(ENABLE_FOOBAR, 1, [enable foobar])
3598 AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" != "no")
3600 These lines should go in 'lib/m4/hooks.m4'.
3602 2. Add IANA extension value to 'extensions_t' in 'gnutls_int.h'.
3604 A good name for the value would be GNUTLS_EXTENSION_FOOBAR. Check
3605 with 'http://www.iana.org/assignments/tls-extensiontype-values' for
3606 allocated values. For experiments, you could pick a number but
3607 remember that some consider it a bad idea to deploy such modified
3608 version since it will lead to interoperability problems in the
3609 future when the IANA allocates that number to someone else, or when
3610 the foobar protocol is allocated another number.
3612 3. Add an entry to '_gnutls_extensions' in 'gnutls_extensions.c'.
3614 A typical entry would be:
3623 ret = _gnutls_ext_register (&foobar_ext);
3624 if (ret != GNUTLS_E_SUCCESS)
3628 Most likely you'll need to add an '#include "ext_foobar.h"', that
3629 will contain something like like:
3630 extension_entry_st foobar_ext = {
3632 .type = GNUTLS_EXTENSION_FOOBAR,
3633 .parse_type = GNUTLS_EXT_TLS,
3634 .recv_func = _foobar_recv_params,
3635 .send_func = _foobar_send_params,
3636 .pack_func = _foobar_pack,
3637 .unpack_func = _foobar_unpack,
3641 The GNUTLS_EXTENSION_FOOBAR is the integer value you added to
3642 'gnutls_int.h' earlier. In this structure you specify the
3643 functions to read the extension from the hello message, the
3644 function to send the reply to, and two more functions to pack and
3645 unpack from stored session data (e.g. when resumming a session).
3646 The 'deinit' function will be called to deinitialize the
3647 extension's private parameters, if any.
3649 Note that the conditional 'ENABLE_FOOBAR' definition should only be
3650 used if step 1 with the 'configure' options has taken place.
3652 4. Add new files 'ext_foobar.c' and 'ext_foobar.h' that implement the
3655 The functions you are responsible to add are those mentioned in the
3656 previous step. As a starter, you could add this:
3659 _foobar_recv_params (gnutls_session_t session,
3660 const opaque * data,
3667 _foobar_send_params (gnutls_session_t session,
3675 _foobar_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
3677 /* Append the extension's internal state to buffer */
3682 _foobar_unpack (gnutls_buffer_st * ps, extension_priv_data_t * epriv)
3684 /* Read the internal state from buffer */
3688 The '_foobar_recv_params' function is responsible for parsing
3689 incoming extension data (both in the client and server).
3691 The '_foobar_send_params' function is responsible for sending
3692 extension data (both in the client and server).
3694 The '_foobar_pack' function is responsible for packing internal
3695 extension data to save them in the session storage.
3697 The '_foobar_unpack' function is responsible for restoring session
3698 data from the session storage.
3700 If you receive length fields that doesn't match, return
3701 'GNUTLS_E_UNEXPECTED_PACKET_LENGTH'. If you receive invalid data,
3702 return 'GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER'. You can use other
3703 error codes too. Return 0 on success.
3705 The function could store some information in the 'session' variable
3706 for later usage. That can be done using the functions
3707 '_gnutls_ext_set_session_data' and '_gnutls_ext_get_session_data'.
3708 You can check simple examples at 'ext_max_record.c' and
3709 'ext_server_name.c' extensions.
3711 Recall that both the client and server both send and receives
3712 parameters, and your code most likely will need to do different
3713 things depending on which mode it is in. It may be useful to make
3714 this distinction explicit in the code. Thus, for example, a better
3715 template than above would be:
3718 _gnutls_foobar_recv_params (gnutls_session_t session,
3719 const opaque * data,
3722 if (session->security_parameters.entity == GNUTLS_CLIENT)
3723 return foobar_recv_client (session, data, data_size);
3725 return foobar_recv_server (session, data, data_size);
3729 _gnutls_foobar_send_params (gnutls_session_t session,
3733 if (session->security_parameters.entity == GNUTLS_CLIENT)
3734 return foobar_send_client (session, data, data_size);
3736 return foobar_send_server (session, data, data_size);
3739 The functions used would be declared as 'static' functions, of the
3740 appropriate prototype, in the same file.
3742 When adding the files, you'll need to add them to 'Makefile.am' as
3746 COBJECTS += ext_foobar.c
3747 HFILES += ext_foobar.h
3750 5. Add API functions to enable/disable the extension.
3752 Normally the client will have one API to request use of the
3753 extension, and setting some extension specific data. The server
3754 will have one API to let the library know that it is willing to
3755 accept the extension, often this is implemented through a callback
3756 but it doesn't have to.
3758 The APIs need to be added to 'includes/gnutls/gnutls.h' or
3759 'includes/gnutls/extra.h' as appropriate. It is recommended that
3760 if you don't have a requirement to use the LGPLv2.1+ license for
3761 your extension, that you place your work under the GPLv3+ license
3762 and thus in the libgnutls-extra library.
3764 You can implement the API function in the 'ext_foobar.c' file, or
3765 if that file ends up becoming rather larger, add a
3766 'gnutls_foobar.c' file.
3768 To make the API available in the shared library you need to add the
3769 symbol in 'lib/libgnutls.map' or 'libextra/libgnutls-extra.map' as
3770 appropriate, so that the symbol is exported properly.
3772 When writing GTK-DOC style documentation for your new APIs, don't
3773 forget to add 'Since:' tags to indicate the GnuTLS version the API
3777 File: gnutls.info, Node: Certificate Handling, Next: Cryptographic Backend, Prev: TLS Extension Handling, Up: Internal architecture of GnuTLS
3779 12.5 Certificate Handling
3780 =========================
3782 What is provided by the certificate handling functions is summarized in
3783 the following diagram.
3785 \0\b[image src="gnutls-certificate-user-use-case.png"
\0\b]
3788 File: gnutls.info, Node: Cryptographic Backend, Prev: Certificate Handling, Up: Internal architecture of GnuTLS
3790 12.6 Cryptographic Backend
3791 ==========================
3793 Today most new processors, either for embedded or desktop systems
3794 include either instructions intended to speed up cryptographic
3795 operations, or a co-processor with cryptographic capabilities. Taking
3796 advantage of those is a challenging task for every cryptographic
3797 application or library. Unfortunately the cryptographic libraries that
3798 GnuTLS is based on take no advantage of these properties. For this
3799 reason GnuTLS handles this internally by following a layered approach to
3800 accessing cryptographic operations as in the following figure.
3802 \0\b[image src="gnutls-crypto-layers.png"
\0\b]
3804 The TLS layer uses a cryptographic provider layer, that will in turn
3805 either use the default crypto provider - a crypto library, or use an
3806 external crypto provider, if available.
3808 12.6.1 Cryptographic Library layer
3809 ----------------------------------
3811 The Cryptographic Library layer, can currently be used either with
3812 libgcrypt or libnettle, each of one has its advantages and some
3813 disadvantages. Libgcrypt is a self-contained library, pretty broad in
3814 scope that supports many algorithms. In some processors like VIA, it
3815 will also use the available crypto instruction set hence providing
3816 performance benefit comparing to plain software implementation.
3817 Libnettle provides only software implementation of the basic algorithms
3818 required in TLS, and is on average 30% faster that libgcrypt on almost
3819 all algorithms. For this reason libnettle is library used by default in
3822 12.6.2 External cryptography provider
3823 -------------------------------------
3825 Systems that include a cryptographic co-processor, typically come with
3826 kernel drivers to utilize the operations from software. For this reason
3827 GnuTLS provides a layer where each individual algorithm used can be
3828 replaced by another implementation, i.e. the one provided by the
3829 driver. The FreeBSD, OpenBSD and Linux kernels(1) include already a
3830 number of hardware assisted implementations, and also provide an
3831 interface to access them, called '/dev/crypto'. GnuTLS will take
3832 advantage of this interface if compiled with special options. That is
3833 because in most systems where hardware-assisted cryptographic operations
3834 are not available, using this interface might actually reduce
3837 It is possible to override parts of crypto backend both at runtime and
3838 compile time. Here we discuss the runtime possibility. The API
3839 available for this functionality is in 'gnutls/crypto.h' header file.
3841 12.6.2.1 Override specific algorithms
3842 .....................................
3844 When an optimized implementation of a single algorithm is available, say
3845 a hardware assisted version of AES-CBC then the following functions can
3846 be used to register those algorithms.
3848 * *note gnutls_crypto_single_cipher_register2:: To register a cipher
3851 *note gnutls_crypto_single_digest_register2:: To register a hash
3852 (digest) or MAC algorithm.
3854 Those registration functions will only replace the specified algorithm
3855 and leave the rest of subsystem intact.
3857 12.6.2.2 Override parts of the backend
3858 ......................................
3860 In some systems, such as embedded ones, it might be desirable to
3861 override big parts of the cryptographic backend, or even all of them.
3862 For this reason the following functions are provided.
3864 * *note gnutls_crypto_cipher_register2:: To override the
3865 cryptographic algorithms backend.
3867 * *note gnutls_crypto_digest_register2:: To override the digest
3870 * *note gnutls_crypto_rnd_register2:: To override the random number
3873 * *note gnutls_crypto_bigint_register2:: To override the big number
3874 number operations backend.
3876 * *note gnutls_crypto_pk_register2:: To override the public key
3877 encryption backend. This is tight to the big number operations so
3878 either both of them should be updated or care must be taken to use
3881 If all of them are used then GnuTLS will no longer use libgcrypt.
3883 ---------- Footnotes ----------
3885 (1) Check 'http://home.gna.org/cryptodev-linux/' for the Linux kernel
3886 implementation of '/dev/crypto'.
3889 File: gnutls.info, Node: Copying Information, Next: Bibliography, Prev: Internal architecture of GnuTLS, Up: Top
3891 Appendix A Copying Information
3892 ******************************
3896 * GNU Free Documentation License:: License for copying this manual.
3897 * GNU LGPL:: License for copying the core GnuTLS library.
3898 * GNU GPL:: License for copying GnuTLS-extra and tools.
3901 File: gnutls.info, Node: GNU Free Documentation License, Next: GNU LGPL, Up: Copying Information
3903 A.1 GNU Free Documentation License
3904 ==================================
3906 Version 1.3, 3 November 2008
3908 Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
3911 Everyone is permitted to copy and distribute verbatim copies
3912 of this license document, but changing it is not allowed.
3916 The purpose of this License is to make a manual, textbook, or other
3917 functional and useful document "free" in the sense of freedom: to
3918 assure everyone the effective freedom to copy and redistribute it,
3919 with or without modifying it, either commercially or
3920 noncommercially. Secondarily, this License preserves for the
3921 author and publisher a way to get credit for their work, while not
3922 being considered responsible for modifications made by others.
3924 This License is a kind of "copyleft", which means that derivative
3925 works of the document must themselves be free in the same sense.
3926 It complements the GNU General Public License, which is a copyleft
3927 license designed for free software.
3929 We have designed this License in order to use it for manuals for
3930 free software, because free software needs free documentation: a
3931 free program should come with manuals providing the same freedoms
3932 that the software does. But this License is not limited to
3933 software manuals; it can be used for any textual work, regardless
3934 of subject matter or whether it is published as a printed book. We
3935 recommend this License principally for works whose purpose is
3936 instruction or reference.
3938 1. APPLICABILITY AND DEFINITIONS
3940 This License applies to any manual or other work, in any medium,
3941 that contains a notice placed by the copyright holder saying it can
3942 be distributed under the terms of this License. Such a notice
3943 grants a world-wide, royalty-free license, unlimited in duration,
3944 to use that work under the conditions stated herein. The
3945 "Document", below, refers to any such manual or work. Any member
3946 of the public is a licensee, and is addressed as "you". You accept
3947 the license if you copy, modify or distribute the work in a way
3948 requiring permission under copyright law.
3950 A "Modified Version" of the Document means any work containing the
3951 Document or a portion of it, either copied verbatim, or with
3952 modifications and/or translated into another language.
3954 A "Secondary Section" is a named appendix or a front-matter section
3955 of the Document that deals exclusively with the relationship of the
3956 publishers or authors of the Document to the Document's overall
3957 subject (or to related matters) and contains nothing that could
3958 fall directly within that overall subject. (Thus, if the Document
3959 is in part a textbook of mathematics, a Secondary Section may not
3960 explain any mathematics.) The relationship could be a matter of
3961 historical connection with the subject or with related matters, or
3962 of legal, commercial, philosophical, ethical or political position
3965 The "Invariant Sections" are certain Secondary Sections whose
3966 titles are designated, as being those of Invariant Sections, in the
3967 notice that says that the Document is released under this License.
3968 If a section does not fit the above definition of Secondary then it
3969 is not allowed to be designated as Invariant. The Document may
3970 contain zero Invariant Sections. If the Document does not identify
3971 any Invariant Sections then there are none.
3973 The "Cover Texts" are certain short passages of text that are
3974 listed, as Front-Cover Texts or Back-Cover Texts, in the notice
3975 that says that the Document is released under this License. A
3976 Front-Cover Text may be at most 5 words, and a Back-Cover Text may
3977 be at most 25 words.
3979 A "Transparent" copy of the Document means a machine-readable copy,
3980 represented in a format whose specification is available to the
3981 general public, that is suitable for revising the document
3982 straightforwardly with generic text editors or (for images composed
3983 of pixels) generic paint programs or (for drawings) some widely
3984 available drawing editor, and that is suitable for input to text
3985 formatters or for automatic translation to a variety of formats
3986 suitable for input to text formatters. A copy made in an otherwise
3987 Transparent file format whose markup, or absence of markup, has
3988 been arranged to thwart or discourage subsequent modification by
3989 readers is not Transparent. An image format is not Transparent if
3990 used for any substantial amount of text. A copy that is not
3991 "Transparent" is called "Opaque".
3993 Examples of suitable formats for Transparent copies include plain
3994 ASCII without markup, Texinfo input format, LaTeX input format,
3995 SGML or XML using a publicly available DTD, and standard-conforming
3996 simple HTML, PostScript or PDF designed for human modification.
3997 Examples of transparent image formats include PNG, XCF and JPG.
3998 Opaque formats include proprietary formats that can be read and
3999 edited only by proprietary word processors, SGML or XML for which
4000 the DTD and/or processing tools are not generally available, and
4001 the machine-generated HTML, PostScript or PDF produced by some word
4002 processors for output purposes only.
4004 The "Title Page" means, for a printed book, the title page itself,
4005 plus such following pages as are needed to hold, legibly, the
4006 material this License requires to appear in the title page. For
4007 works in formats which do not have any title page as such, "Title
4008 Page" means the text near the most prominent appearance of the
4009 work's title, preceding the beginning of the body of the text.
4011 The "publisher" means any person or entity that distributes copies
4012 of the Document to the public.
4014 A section "Entitled XYZ" means a named subunit of the Document
4015 whose title either is precisely XYZ or contains XYZ in parentheses
4016 following text that translates XYZ in another language. (Here XYZ
4017 stands for a specific section name mentioned below, such as
4018 "Acknowledgements", "Dedications", "Endorsements", or "History".)
4019 To "Preserve the Title" of such a section when you modify the
4020 Document means that it remains a section "Entitled XYZ" according
4023 The Document may include Warranty Disclaimers next to the notice
4024 which states that this License applies to the Document. These
4025 Warranty Disclaimers are considered to be included by reference in
4026 this License, but only as regards disclaiming warranties: any other
4027 implication that these Warranty Disclaimers may have is void and
4028 has no effect on the meaning of this License.
4032 You may copy and distribute the Document in any medium, either
4033 commercially or noncommercially, provided that this License, the
4034 copyright notices, and the license notice saying this License
4035 applies to the Document are reproduced in all copies, and that you
4036 add no other conditions whatsoever to those of this License. You
4037 may not use technical measures to obstruct or control the reading
4038 or further copying of the copies you make or distribute. However,
4039 you may accept compensation in exchange for copies. If you
4040 distribute a large enough number of copies you must also follow the
4041 conditions in section 3.
4043 You may also lend copies, under the same conditions stated above,
4044 and you may publicly display copies.
4046 3. COPYING IN QUANTITY
4048 If you publish printed copies (or copies in media that commonly
4049 have printed covers) of the Document, numbering more than 100, and
4050 the Document's license notice requires Cover Texts, you must
4051 enclose the copies in covers that carry, clearly and legibly, all
4052 these Cover Texts: Front-Cover Texts on the front cover, and
4053 Back-Cover Texts on the back cover. Both covers must also clearly
4054 and legibly identify you as the publisher of these copies. The
4055 front cover must present the full title with all words of the title
4056 equally prominent and visible. You may add other material on the
4057 covers in addition. Copying with changes limited to the covers, as
4058 long as they preserve the title of the Document and satisfy these
4059 conditions, can be treated as verbatim copying in other respects.
4061 If the required texts for either cover are too voluminous to fit
4062 legibly, you should put the first ones listed (as many as fit
4063 reasonably) on the actual cover, and continue the rest onto
4066 If you publish or distribute Opaque copies of the Document
4067 numbering more than 100, you must either include a machine-readable
4068 Transparent copy along with each Opaque copy, or state in or with
4069 each Opaque copy a computer-network location from which the general
4070 network-using public has access to download using public-standard
4071 network protocols a complete Transparent copy of the Document, free
4072 of added material. If you use the latter option, you must take
4073 reasonably prudent steps, when you begin distribution of Opaque
4074 copies in quantity, to ensure that this Transparent copy will
4075 remain thus accessible at the stated location until at least one
4076 year after the last time you distribute an Opaque copy (directly or
4077 through your agents or retailers) of that edition to the public.
4079 It is requested, but not required, that you contact the authors of
4080 the Document well before redistributing any large number of copies,
4081 to give them a chance to provide you with an updated version of the
4086 You may copy and distribute a Modified Version of the Document
4087 under the conditions of sections 2 and 3 above, provided that you
4088 release the Modified Version under precisely this License, with the
4089 Modified Version filling the role of the Document, thus licensing
4090 distribution and modification of the Modified Version to whoever
4091 possesses a copy of it. In addition, you must do these things in
4092 the Modified Version:
4094 A. Use in the Title Page (and on the covers, if any) a title
4095 distinct from that of the Document, and from those of previous
4096 versions (which should, if there were any, be listed in the
4097 History section of the Document). You may use the same title
4098 as a previous version if the original publisher of that
4099 version gives permission.
4101 B. List on the Title Page, as authors, one or more persons or
4102 entities responsible for authorship of the modifications in
4103 the Modified Version, together with at least five of the
4104 principal authors of the Document (all of its principal
4105 authors, if it has fewer than five), unless they release you
4106 from this requirement.
4108 C. State on the Title page the name of the publisher of the
4109 Modified Version, as the publisher.
4111 D. Preserve all the copyright notices of the Document.
4113 E. Add an appropriate copyright notice for your modifications
4114 adjacent to the other copyright notices.
4116 F. Include, immediately after the copyright notices, a license
4117 notice giving the public permission to use the Modified
4118 Version under the terms of this License, in the form shown in
4121 G. Preserve in that license notice the full lists of Invariant
4122 Sections and required Cover Texts given in the Document's
4125 H. Include an unaltered copy of this License.
4127 I. Preserve the section Entitled "History", Preserve its Title,
4128 and add to it an item stating at least the title, year, new
4129 authors, and publisher of the Modified Version as given on the
4130 Title Page. If there is no section Entitled "History" in the
4131 Document, create one stating the title, year, authors, and
4132 publisher of the Document as given on its Title Page, then add
4133 an item describing the Modified Version as stated in the
4136 J. Preserve the network location, if any, given in the Document
4137 for public access to a Transparent copy of the Document, and
4138 likewise the network locations given in the Document for
4139 previous versions it was based on. These may be placed in the
4140 "History" section. You may omit a network location for a work
4141 that was published at least four years before the Document
4142 itself, or if the original publisher of the version it refers
4143 to gives permission.
4145 K. For any section Entitled "Acknowledgements" or "Dedications",
4146 Preserve the Title of the section, and preserve in the section
4147 all the substance and tone of each of the contributor
4148 acknowledgements and/or dedications given therein.
4150 L. Preserve all the Invariant Sections of the Document, unaltered
4151 in their text and in their titles. Section numbers or the
4152 equivalent are not considered part of the section titles.
4154 M. Delete any section Entitled "Endorsements". Such a section
4155 may not be included in the Modified Version.
4157 N. Do not retitle any existing section to be Entitled
4158 "Endorsements" or to conflict in title with any Invariant
4161 O. Preserve any Warranty Disclaimers.
4163 If the Modified Version includes new front-matter sections or
4164 appendices that qualify as Secondary Sections and contain no
4165 material copied from the Document, you may at your option designate
4166 some or all of these sections as invariant. To do this, add their
4167 titles to the list of Invariant Sections in the Modified Version's
4168 license notice. These titles must be distinct from any other
4171 You may add a section Entitled "Endorsements", provided it contains
4172 nothing but endorsements of your Modified Version by various
4173 parties--for example, statements of peer review or that the text
4174 has been approved by an organization as the authoritative
4175 definition of a standard.
4177 You may add a passage of up to five words as a Front-Cover Text,
4178 and a passage of up to 25 words as a Back-Cover Text, to the end of
4179 the list of Cover Texts in the Modified Version. Only one passage
4180 of Front-Cover Text and one of Back-Cover Text may be added by (or
4181 through arrangements made by) any one entity. If the Document
4182 already includes a cover text for the same cover, previously added
4183 by you or by arrangement made by the same entity you are acting on
4184 behalf of, you may not add another; but you may replace the old
4185 one, on explicit permission from the previous publisher that added
4188 The author(s) and publisher(s) of the Document do not by this
4189 License give permission to use their names for publicity for or to
4190 assert or imply endorsement of any Modified Version.
4192 5. COMBINING DOCUMENTS
4194 You may combine the Document with other documents released under
4195 this License, under the terms defined in section 4 above for
4196 modified versions, provided that you include in the combination all
4197 of the Invariant Sections of all of the original documents,
4198 unmodified, and list them all as Invariant Sections of your
4199 combined work in its license notice, and that you preserve all
4200 their Warranty Disclaimers.
4202 The combined work need only contain one copy of this License, and
4203 multiple identical Invariant Sections may be replaced with a single
4204 copy. If there are multiple Invariant Sections with the same name
4205 but different contents, make the title of each such section unique
4206 by adding at the end of it, in parentheses, the name of the
4207 original author or publisher of that section if known, or else a
4208 unique number. Make the same adjustment to the section titles in
4209 the list of Invariant Sections in the license notice of the
4212 In the combination, you must combine any sections Entitled
4213 "History" in the various original documents, forming one section
4214 Entitled "History"; likewise combine any sections Entitled
4215 "Acknowledgements", and any sections Entitled "Dedications". You
4216 must delete all sections Entitled "Endorsements."
4218 6. COLLECTIONS OF DOCUMENTS
4220 You may make a collection consisting of the Document and other
4221 documents released under this License, and replace the individual
4222 copies of this License in the various documents with a single copy
4223 that is included in the collection, provided that you follow the
4224 rules of this License for verbatim copying of each of the documents
4225 in all other respects.
4227 You may extract a single document from such a collection, and
4228 distribute it individually under this License, provided you insert
4229 a copy of this License into the extracted document, and follow this
4230 License in all other respects regarding verbatim copying of that
4233 7. AGGREGATION WITH INDEPENDENT WORKS
4235 A compilation of the Document or its derivatives with other
4236 separate and independent documents or works, in or on a volume of a
4237 storage or distribution medium, is called an "aggregate" if the
4238 copyright resulting from the compilation is not used to limit the
4239 legal rights of the compilation's users beyond what the individual
4240 works permit. When the Document is included in an aggregate, this
4241 License does not apply to the other works in the aggregate which
4242 are not themselves derivative works of the Document.
4244 If the Cover Text requirement of section 3 is applicable to these
4245 copies of the Document, then if the Document is less than one half
4246 of the entire aggregate, the Document's Cover Texts may be placed
4247 on covers that bracket the Document within the aggregate, or the
4248 electronic equivalent of covers if the Document is in electronic
4249 form. Otherwise they must appear on printed covers that bracket
4250 the whole aggregate.
4254 Translation is considered a kind of modification, so you may
4255 distribute translations of the Document under the terms of section
4256 4. Replacing Invariant Sections with translations requires special
4257 permission from their copyright holders, but you may include
4258 translations of some or all Invariant Sections in addition to the
4259 original versions of these Invariant Sections. You may include a
4260 translation of this License, and all the license notices in the
4261 Document, and any Warranty Disclaimers, provided that you also
4262 include the original English version of this License and the
4263 original versions of those notices and disclaimers. In case of a
4264 disagreement between the translation and the original version of
4265 this License or a notice or disclaimer, the original version will
4268 If a section in the Document is Entitled "Acknowledgements",
4269 "Dedications", or "History", the requirement (section 4) to
4270 Preserve its Title (section 1) will typically require changing the
4275 You may not copy, modify, sublicense, or distribute the Document
4276 except as expressly provided under this License. Any attempt
4277 otherwise to copy, modify, sublicense, or distribute it is void,
4278 and will automatically terminate your rights under this License.
4280 However, if you cease all violation of this License, then your
4281 license from a particular copyright holder is reinstated (a)
4282 provisionally, unless and until the copyright holder explicitly and
4283 finally terminates your license, and (b) permanently, if the
4284 copyright holder fails to notify you of the violation by some
4285 reasonable means prior to 60 days after the cessation.
4287 Moreover, your license from a particular copyright holder is
4288 reinstated permanently if the copyright holder notifies you of the
4289 violation by some reasonable means, this is the first time you have
4290 received notice of violation of this License (for any work) from
4291 that copyright holder, and you cure the violation prior to 30 days
4292 after your receipt of the notice.
4294 Termination of your rights under this section does not terminate
4295 the licenses of parties who have received copies or rights from you
4296 under this License. If your rights have been terminated and not
4297 permanently reinstated, receipt of a copy of some or all of the
4298 same material does not give you any rights to use it.
4300 10. FUTURE REVISIONS OF THIS LICENSE
4302 The Free Software Foundation may publish new, revised versions of
4303 the GNU Free Documentation License from time to time. Such new
4304 versions will be similar in spirit to the present version, but may
4305 differ in detail to address new problems or concerns. See
4306 'http://www.gnu.org/copyleft/'.
4308 Each version of the License is given a distinguishing version
4309 number. If the Document specifies that a particular numbered
4310 version of this License "or any later version" applies to it, you
4311 have the option of following the terms and conditions either of
4312 that specified version or of any later version that has been
4313 published (not as a draft) by the Free Software Foundation. If the
4314 Document does not specify a version number of this License, you may
4315 choose any version ever published (not as a draft) by the Free
4316 Software Foundation. If the Document specifies that a proxy can
4317 decide which future versions of this License can be used, that
4318 proxy's public statement of acceptance of a version permanently
4319 authorizes you to choose that version for the Document.
4323 "Massive Multiauthor Collaboration Site" (or "MMC Site") means any
4324 World Wide Web server that publishes copyrightable works and also
4325 provides prominent facilities for anybody to edit those works. A
4326 public wiki that anybody can edit is an example of such a server.
4327 A "Massive Multiauthor Collaboration" (or "MMC") contained in the
4328 site means any set of copyrightable works thus published on the MMC
4331 "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
4332 license published by Creative Commons Corporation, a not-for-profit
4333 corporation with a principal place of business in San Francisco,
4334 California, as well as future copyleft versions of that license
4335 published by that same organization.
4337 "Incorporate" means to publish or republish a Document, in whole or
4338 in part, as part of another Document.
4340 An MMC is "eligible for relicensing" if it is licensed under this
4341 License, and if all works that were first published under this
4342 License somewhere other than this MMC, and subsequently
4343 incorporated in whole or in part into the MMC, (1) had no cover
4344 texts or invariant sections, and (2) were thus incorporated prior
4345 to November 1, 2008.
4347 The operator of an MMC Site may republish an MMC contained in the
4348 site under CC-BY-SA on the same site at any time before August 1,
4349 2009, provided the MMC is eligible for relicensing.
4351 ADDENDUM: How to use this License for your documents
4352 ====================================================
4354 To use this License in a document you have written, include a copy of
4355 the License in the document and put the following copyright and license
4356 notices just after the title page:
4358 Copyright (C) YEAR YOUR NAME.
4359 Permission is granted to copy, distribute and/or modify this document
4360 under the terms of the GNU Free Documentation License, Version 1.3
4361 or any later version published by the Free Software Foundation;
4362 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
4363 Texts. A copy of the license is included in the section entitled ``GNU
4364 Free Documentation License''.
4366 If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
4367 replace the "with...Texts." line with this:
4369 with the Invariant Sections being LIST THEIR TITLES, with
4370 the Front-Cover Texts being LIST, and with the Back-Cover Texts
4373 If you have Invariant Sections without Cover Texts, or some other
4374 combination of the three, merge those two alternatives to suit the
4377 If your document contains nontrivial examples of program code, we
4378 recommend releasing these examples in parallel under your choice of free
4379 software license, such as the GNU General Public License, to permit
4380 their use in free software.
4383 File: gnutls.info, Node: GNU LGPL, Next: GNU GPL, Prev: GNU Free Documentation License, Up: Copying Information
4385 A.2 GNU Lesser General Public License
4386 =====================================
4388 Version 2.1, February 1999
4390 Copyright (C) 1991, 1999 Free Software Foundation, Inc.
4391 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
4393 Everyone is permitted to copy and distribute verbatim copies
4394 of this license document, but changing it is not allowed.
4396 [This is the first released version of the Lesser GPL. It also counts
4397 as the successor of the GNU Library Public License, version 2, hence the
4398 version number 2.1.]
4403 The licenses for most software are designed to take away your freedom to
4404 share and change it. By contrast, the GNU General Public Licenses are
4405 intended to guarantee your freedom to share and change free software--to
4406 make sure the software is free for all its users.
4408 This license, the Lesser General Public License, applies to some
4409 specially designated software--typically libraries--of the Free Software
4410 Foundation and other authors who decide to use it. You can use it too,
4411 but we suggest you first think carefully about whether this license or
4412 the ordinary General Public License is the better strategy to use in any
4413 particular case, based on the explanations below.
4415 When we speak of free software, we are referring to freedom of use, not
4416 price. Our General Public Licenses are designed to make sure that you
4417 have the freedom to distribute copies of free software (and charge for
4418 this service if you wish); that you receive source code or can get it if
4419 you want it; that you can change the software and use pieces of it in
4420 new free programs; and that you are informed that you can do these
4423 To protect your rights, we need to make restrictions that forbid
4424 distributors to deny you these rights or to ask you to surrender these
4425 rights. These restrictions translate to certain responsibilities for
4426 you if you distribute copies of the library or if you modify it.
4428 For example, if you distribute copies of the library, whether gratis or
4429 for a fee, you must give the recipients all the rights that we gave you.
4430 You must make sure that they, too, receive or can get the source code.
4431 If you link other code with the library, you must provide complete
4432 object files to the recipients, so that they can relink them with the
4433 library after making changes to the library and recompiling it. And you
4434 must show them these terms so they know their rights.
4436 We protect your rights with a two-step method: (1) we copyright the
4437 library, and (2) we offer you this license, which gives you legal
4438 permission to copy, distribute and/or modify the library.
4440 To protect each distributor, we want to make it very clear that there is
4441 no warranty for the free library. Also, if the library is modified by
4442 someone else and passed on, the recipients should know that what they
4443 have is not the original version, so that the original author's
4444 reputation will not be affected by problems that might be introduced by
4447 Finally, software patents pose a constant threat to the existence of any
4448 free program. We wish to make sure that a company cannot effectively
4449 restrict the users of a free program by obtaining a restrictive license
4450 from a patent holder. Therefore, we insist that any patent license
4451 obtained for a version of the library must be consistent with the full
4452 freedom of use specified in this license.
4454 Most GNU software, including some libraries, is covered by the ordinary
4455 GNU General Public License. This license, the GNU Lesser General Public
4456 License, applies to certain designated libraries, and is quite different
4457 from the ordinary General Public License. We use this license for
4458 certain libraries in order to permit linking those libraries into
4461 When a program is linked with a library, whether statically or using a
4462 shared library, the combination of the two is legally speaking a
4463 combined work, a derivative of the original library. The ordinary
4464 General Public License therefore permits such linking only if the entire
4465 combination fits its criteria of freedom. The Lesser General Public
4466 License permits more lax criteria for linking other code with the
4469 We call this license the "Lesser" General Public License because it does
4470 _Less_ to protect the user's freedom than the ordinary General Public
4471 License. It also provides other free software developers Less of an
4472 advantage over competing non-free programs. These disadvantages are the
4473 reason we use the ordinary General Public License for many libraries.
4474 However, the Lesser license provides advantages in certain special
4477 For example, on rare occasions, there may be a special need to encourage
4478 the widest possible use of a certain library, so that it becomes a
4479 de-facto standard. To achieve this, non-free programs must be allowed
4480 to use the library. A more frequent case is that a free library does
4481 the same job as widely used non-free libraries. In this case, there is
4482 little to gain by limiting the free library to free software only, so we
4483 use the Lesser General Public License.
4485 In other cases, permission to use a particular library in non-free
4486 programs enables a greater number of people to use a large body of free
4487 software. For example, permission to use the GNU C Library in non-free
4488 programs enables many more people to use the whole GNU operating system,
4489 as well as its variant, the GNU/Linux operating system.
4491 Although the Lesser General Public License is Less protective of the
4492 users' freedom, it does ensure that the user of a program that is linked
4493 with the Library has the freedom and the wherewithal to run that program
4494 using a modified version of the Library.
4496 The precise terms and conditions for copying, distribution and
4497 modification follow. Pay close attention to the difference between a
4498 "work based on the library" and a "work that uses the library". The
4499 former contains code derived from the library, whereas the latter must
4500 be combined with the library in order to run.
4502 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
4503 ---------------------------------------------------------------
4505 0. This License Agreement applies to any software library or other
4506 program which contains a notice placed by the copyright holder or
4507 other authorized party saying it may be distributed under the terms
4508 of this Lesser General Public License (also called "this License").
4509 Each licensee is addressed as "you".
4511 A "library" means a collection of software functions and/or data
4512 prepared so as to be conveniently linked with application programs
4513 (which use some of those functions and data) to form executables.
4515 The "Library", below, refers to any such software library or work
4516 which has been distributed under these terms. A "work based on the
4517 Library" means either the Library or any derivative work under
4518 copyright law: that is to say, a work containing the Library or a
4519 portion of it, either verbatim or with modifications and/or
4520 translated straightforwardly into another language. (Hereinafter,
4521 translation is included without limitation in the term
4524 "Source code" for a work means the preferred form of the work for
4525 making modifications to it. For a library, complete source code
4526 means all the source code for all modules it contains, plus any
4527 associated interface definition files, plus the scripts used to
4528 control compilation and installation of the library.
4530 Activities other than copying, distribution and modification are
4531 not covered by this License; they are outside its scope. The act
4532 of running a program using the Library is not restricted, and
4533 output from such a program is covered only if its contents
4534 constitute a work based on the Library (independent of the use of
4535 the Library in a tool for writing it). Whether that is true
4536 depends on what the Library does and what the program that uses the
4539 1. You may copy and distribute verbatim copies of the Library's
4540 complete source code as you receive it, in any medium, provided
4541 that you conspicuously and appropriately publish on each copy an
4542 appropriate copyright notice and disclaimer of warranty; keep
4543 intact all the notices that refer to this License and to the
4544 absence of any warranty; and distribute a copy of this License
4545 along with the Library.
4547 You may charge a fee for the physical act of transferring a copy,
4548 and you may at your option offer warranty protection in exchange
4551 2. You may modify your copy or copies of the Library or any portion of
4552 it, thus forming a work based on the Library, and copy and
4553 distribute such modifications or work under the terms of Section 1
4554 above, provided that you also meet all of these conditions:
4556 a. The modified work must itself be a software library.
4558 b. You must cause the files modified to carry prominent notices
4559 stating that you changed the files and the date of any change.
4561 c. You must cause the whole of the work to be licensed at no
4562 charge to all third parties under the terms of this License.
4564 d. If a facility in the modified Library refers to a function or
4565 a table of data to be supplied by an application program that
4566 uses the facility, other than as an argument passed when the
4567 facility is invoked, then you must make a good faith effort to
4568 ensure that, in the event an application does not supply such
4569 function or table, the facility still operates, and performs
4570 whatever part of its purpose remains meaningful.
4572 (For example, a function in a library to compute square roots
4573 has a purpose that is entirely well-defined independent of the
4574 application. Therefore, Subsection 2d requires that any
4575 application-supplied function or table used by this function
4576 must be optional: if the application does not supply it, the
4577 square root function must still compute square roots.)
4579 These requirements apply to the modified work as a whole. If
4580 identifiable sections of that work are not derived from the
4581 Library, and can be reasonably considered independent and separate
4582 works in themselves, then this License, and its terms, do not apply
4583 to those sections when you distribute them as separate works. But
4584 when you distribute the same sections as part of a whole which is a
4585 work based on the Library, the distribution of the whole must be on
4586 the terms of this License, whose permissions for other licensees
4587 extend to the entire whole, and thus to each and every part
4588 regardless of who wrote it.
4590 Thus, it is not the intent of this section to claim rights or
4591 contest your rights to work written entirely by you; rather, the
4592 intent is to exercise the right to control the distribution of
4593 derivative or collective works based on the Library.
4595 In addition, mere aggregation of another work not based on the
4596 Library with the Library (or with a work based on the Library) on a
4597 volume of a storage or distribution medium does not bring the other
4598 work under the scope of this License.
4600 3. You may opt to apply the terms of the ordinary GNU General Public
4601 License instead of this License to a given copy of the Library. To
4602 do this, you must alter all the notices that refer to this License,
4603 so that they refer to the ordinary GNU General Public License,
4604 version 2, instead of to this License. (If a newer version than
4605 version 2 of the ordinary GNU General Public License has appeared,
4606 then you can specify that version instead if you wish.) Do not
4607 make any other change in these notices.
4609 Once this change is made in a given copy, it is irreversible for
4610 that copy, so the ordinary GNU General Public License applies to
4611 all subsequent copies and derivative works made from that copy.
4613 This option is useful when you wish to copy part of the code of the
4614 Library into a program that is not a library.
4616 4. You may copy and distribute the Library (or a portion or derivative
4617 of it, under Section 2) in object code or executable form under the
4618 terms of Sections 1 and 2 above provided that you accompany it with
4619 the complete corresponding machine-readable source code, which must
4620 be distributed under the terms of Sections 1 and 2 above on a
4621 medium customarily used for software interchange.
4623 If distribution of object code is made by offering access to copy
4624 from a designated place, then offering equivalent access to copy
4625 the source code from the same place satisfies the requirement to
4626 distribute the source code, even though third parties are not
4627 compelled to copy the source along with the object code.
4629 5. A program that contains no derivative of any portion of the
4630 Library, but is designed to work with the Library by being compiled
4631 or linked with it, is called a "work that uses the Library". Such
4632 a work, in isolation, is not a derivative work of the Library, and
4633 therefore falls outside the scope of this License.
4635 However, linking a "work that uses the Library" with the Library
4636 creates an executable that is a derivative of the Library (because
4637 it contains portions of the Library), rather than a "work that uses
4638 the library". The executable is therefore covered by this License.
4639 Section 6 states terms for distribution of such executables.
4641 When a "work that uses the Library" uses material from a header
4642 file that is part of the Library, the object code for the work may
4643 be a derivative work of the Library even though the source code is
4644 not. Whether this is true is especially significant if the work
4645 can be linked without the Library, or if the work is itself a
4646 library. The threshold for this to be true is not precisely
4649 If such an object file uses only numerical parameters, data
4650 structure layouts and accessors, and small macros and small inline
4651 functions (ten lines or less in length), then the use of the object
4652 file is unrestricted, regardless of whether it is legally a
4653 derivative work. (Executables containing this object code plus
4654 portions of the Library will still fall under Section 6.)
4656 Otherwise, if the work is a derivative of the Library, you may
4657 distribute the object code for the work under the terms of Section
4658 6. Any executables containing that work also fall under Section 6,
4659 whether or not they are linked directly with the Library itself.
4661 6. As an exception to the Sections above, you may also combine or link
4662 a "work that uses the Library" with the Library to produce a work
4663 containing portions of the Library, and distribute that work under
4664 terms of your choice, provided that the terms permit modification
4665 of the work for the customer's own use and reverse engineering for
4666 debugging such modifications.
4668 You must give prominent notice with each copy of the work that the
4669 Library is used in it and that the Library and its use are covered
4670 by this License. You must supply a copy of this License. If the
4671 work during execution displays copyright notices, you must include
4672 the copyright notice for the Library among them, as well as a
4673 reference directing the user to the copy of this License. Also,
4674 you must do one of these things:
4676 a. Accompany the work with the complete corresponding
4677 machine-readable source code for the Library including
4678 whatever changes were used in the work (which must be
4679 distributed under Sections 1 and 2 above); and, if the work is
4680 an executable linked with the Library, with the complete
4681 machine-readable "work that uses the Library", as object code
4682 and/or source code, so that the user can modify the Library
4683 and then relink to produce a modified executable containing
4684 the modified Library. (It is understood that the user who
4685 changes the contents of definitions files in the Library will
4686 not necessarily be able to recompile the application to use
4687 the modified definitions.)
4689 b. Use a suitable shared library mechanism for linking with the
4690 Library. A suitable mechanism is one that (1) uses at run
4691 time a copy of the library already present on the user's
4692 computer system, rather than copying library functions into
4693 the executable, and (2) will operate properly with a modified
4694 version of the library, if the user installs one, as long as
4695 the modified version is interface-compatible with the version
4696 that the work was made with.
4698 c. Accompany the work with a written offer, valid for at least
4699 three years, to give the same user the materials specified in
4700 Subsection 6a, above, for a charge no more than the cost of
4701 performing this distribution.
4703 d. If distribution of the work is made by offering access to copy
4704 from a designated place, offer equivalent access to copy the
4705 above specified materials from the same place.
4707 e. Verify that the user has already received a copy of these
4708 materials or that you have already sent this user a copy.
4710 For an executable, the required form of the "work that uses the
4711 Library" must include any data and utility programs needed for
4712 reproducing the executable from it. However, as a special
4713 exception, the materials to be distributed need not include
4714 anything that is normally distributed (in either source or binary
4715 form) with the major components (compiler, kernel, and so on) of
4716 the operating system on which the executable runs, unless that
4717 component itself accompanies the executable.
4719 It may happen that this requirement contradicts the license
4720 restrictions of other proprietary libraries that do not normally
4721 accompany the operating system. Such a contradiction means you
4722 cannot use both them and the Library together in an executable that
4725 7. You may place library facilities that are a work based on the
4726 Library side-by-side in a single library together with other
4727 library facilities not covered by this License, and distribute such
4728 a combined library, provided that the separate distribution of the
4729 work based on the Library and of the other library facilities is
4730 otherwise permitted, and provided that you do these two things:
4732 a. Accompany the combined library with a copy of the same work
4733 based on the Library, uncombined with any other library
4734 facilities. This must be distributed under the terms of the
4737 b. Give prominent notice with the combined library of the fact
4738 that part of it is a work based on the Library, and explaining
4739 where to find the accompanying uncombined form of the same
4742 8. You may not copy, modify, sublicense, link with, or distribute the
4743 Library except as expressly provided under this License. Any
4744 attempt otherwise to copy, modify, sublicense, link with, or
4745 distribute the Library is void, and will automatically terminate
4746 your rights under this License. However, parties who have received
4747 copies, or rights, from you under this License will not have their
4748 licenses terminated so long as such parties remain in full
4751 9. You are not required to accept this License, since you have not
4752 signed it. However, nothing else grants you permission to modify
4753 or distribute the Library or its derivative works. These actions
4754 are prohibited by law if you do not accept this License.
4755 Therefore, by modifying or distributing the Library (or any work
4756 based on the Library), you indicate your acceptance of this License
4757 to do so, and all its terms and conditions for copying,
4758 distributing or modifying the Library or works based on it.
4760 10. Each time you redistribute the Library (or any work based on the
4761 Library), the recipient automatically receives a license from the
4762 original licensor to copy, distribute, link with or modify the
4763 Library subject to these terms and conditions. You may not impose
4764 any further restrictions on the recipients' exercise of the rights
4765 granted herein. You are not responsible for enforcing compliance
4766 by third parties with this License.
4768 11. If, as a consequence of a court judgment or allegation of patent
4769 infringement or for any other reason (not limited to patent
4770 issues), conditions are imposed on you (whether by court order,
4771 agreement or otherwise) that contradict the conditions of this
4772 License, they do not excuse you from the conditions of this
4773 License. If you cannot distribute so as to satisfy simultaneously
4774 your obligations under this License and any other pertinent
4775 obligations, then as a consequence you may not distribute the
4776 Library at all. For example, if a patent license would not permit
4777 royalty-free redistribution of the Library by all those who receive
4778 copies directly or indirectly through you, then the only way you
4779 could satisfy both it and this License would be to refrain entirely
4780 from distribution of the Library.
4782 If any portion of this section is held invalid or unenforceable
4783 under any particular circumstance, the balance of the section is
4784 intended to apply, and the section as a whole is intended to apply
4785 in other circumstances.
4787 It is not the purpose of this section to induce you to infringe any
4788 patents or other property right claims or to contest validity of
4789 any such claims; this section has the sole purpose of protecting
4790 the integrity of the free software distribution system which is
4791 implemented by public license practices. Many people have made
4792 generous contributions to the wide range of software distributed
4793 through that system in reliance on consistent application of that
4794 system; it is up to the author/donor to decide if he or she is
4795 willing to distribute software through any other system and a
4796 licensee cannot impose that choice.
4798 This section is intended to make thoroughly clear what is believed
4799 to be a consequence of the rest of this License.
4801 12. If the distribution and/or use of the Library is restricted in
4802 certain countries either by patents or by copyrighted interfaces,
4803 the original copyright holder who places the Library under this
4804 License may add an explicit geographical distribution limitation
4805 excluding those countries, so that distribution is permitted only
4806 in or among countries not thus excluded. In such case, this
4807 License incorporates the limitation as if written in the body of
4810 13. The Free Software Foundation may publish revised and/or new
4811 versions of the Lesser General Public License from time to time.
4812 Such new versions will be similar in spirit to the present version,
4813 but may differ in detail to address new problems or concerns.
4815 Each version is given a distinguishing version number. If the
4816 Library specifies a version number of this License which applies to
4817 it and "any later version", you have the option of following the
4818 terms and conditions either of that version or of any later version
4819 published by the Free Software Foundation. If the Library does not
4820 specify a license version number, you may choose any version ever
4821 published by the Free Software Foundation.
4823 14. If you wish to incorporate parts of the Library into other free
4824 programs whose distribution conditions are incompatible with these,
4825 write to the author to ask for permission. For software which is
4826 copyrighted by the Free Software Foundation, write to the Free
4827 Software Foundation; we sometimes make exceptions for this. Our
4828 decision will be guided by the two goals of preserving the free
4829 status of all derivatives of our free software and of promoting the
4830 sharing and reuse of software generally.
4834 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
4835 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE
4836 LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS
4837 AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY
4838 OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
4839 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
4840 FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
4841 PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE
4842 DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR
4845 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
4846 WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
4847 MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE
4848 LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
4849 INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
4850 INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF
4851 DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU
4852 OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY
4853 OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
4854 ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
4856 END OF TERMS AND CONDITIONS
4857 ---------------------------
4859 How to Apply These Terms to Your New Libraries
4860 ----------------------------------------------
4862 If you develop a new library, and you want it to be of the greatest
4863 possible use to the public, we recommend making it free software that
4864 everyone can redistribute and change. You can do so by permitting
4865 redistribution under these terms (or, alternatively, under the terms of
4866 the ordinary General Public License).
4868 To apply these terms, attach the following notices to the library. It
4869 is safest to attach them to the start of each source file to most
4870 effectively convey the exclusion of warranty; and each file should have
4871 at least the "copyright" line and a pointer to where the full notice is
4874 ONE LINE TO GIVE THE LIBRARY'S NAME AND AN IDEA OF WHAT IT DOES.
4875 Copyright (C) YEAR NAME OF AUTHOR
4877 This library is free software; you can redistribute it and/or modify it
4878 under the terms of the GNU Lesser General Public License as published by
4879 the Free Software Foundation; either version 2.1 of the License, or (at
4880 your option) any later version.
4882 This library is distributed in the hope that it will be useful, but
4883 WITHOUT ANY WARRANTY; without even the implied warranty of
4884 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
4885 Lesser General Public License for more details.
4887 You should have received a copy of the GNU Lesser General Public
4888 License along with this library; if not, write to the Free Software
4889 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
4892 Also add information on how to contact you by electronic and paper mail.
4894 You should also get your employer (if you work as a programmer) or your
4895 school, if any, to sign a "copyright disclaimer" for the library, if
4896 necessary. Here is a sample; alter the names:
4898 Yoyodyne, Inc., hereby disclaims all copyright interest in the library
4899 `Frob' (a library for tweaking knobs) written by James Random Hacker.
4901 SIGNATURE OF TY COON, 1 April 1990
4902 Ty Coon, President of Vice
4904 That's all there is to it!
4907 File: gnutls.info, Node: GNU GPL, Prev: GNU LGPL, Up: Copying Information
4909 A.3 GNU General Public License
4910 ==============================
4912 Version 3, 29 June 2007
4914 Copyright (C) 2007 Free Software Foundation, Inc. 'http://fsf.org/'
4916 Everyone is permitted to copy and distribute verbatim copies of this
4917 license document, but changing it is not allowed.
4922 The GNU General Public License is a free, copyleft license for software
4923 and other kinds of works.
4925 The licenses for most software and other practical works are designed to
4926 take away your freedom to share and change the works. By contrast, the
4927 GNU General Public License is intended to guarantee your freedom to
4928 share and change all versions of a program--to make sure it remains free
4929 software for all its users. We, the Free Software Foundation, use the
4930 GNU General Public License for most of our software; it applies also to
4931 any other work released this way by its authors. You can apply it to
4934 When we speak of free software, we are referring to freedom, not price.
4935 Our General Public Licenses are designed to make sure that you have the
4936 freedom to distribute copies of free software (and charge for them if
4937 you wish), that you receive source code or can get it if you want it,
4938 that you can change the software or use pieces of it in new free
4939 programs, and that you know you can do these things.
4941 To protect your rights, we need to prevent others from denying you these
4942 rights or asking you to surrender the rights. Therefore, you have
4943 certain responsibilities if you distribute copies of the software, or if
4944 you modify it: responsibilities to respect the freedom of others.
4946 For example, if you distribute copies of such a program, whether gratis
4947 or for a fee, you must pass on to the recipients the same freedoms that
4948 you received. You must make sure that they, too, receive or can get the
4949 source code. And you must show them these terms so they know their
4952 Developers that use the GNU GPL protect your rights with two steps: (1)
4953 assert copyright on the software, and (2) offer you this License giving
4954 you legal permission to copy, distribute and/or modify it.
4956 For the developers' and authors' protection, the GPL clearly explains
4957 that there is no warranty for this free software. For both users' and
4958 authors' sake, the GPL requires that modified versions be marked as
4959 changed, so that their problems will not be attributed erroneously to
4960 authors of previous versions.
4962 Some devices are designed to deny users access to install or run
4963 modified versions of the software inside them, although the manufacturer
4964 can do so. This is fundamentally incompatible with the aim of
4965 protecting users' freedom to change the software. The systematic
4966 pattern of such abuse occurs in the area of products for individuals to
4967 use, which is precisely where it is most unacceptable. Therefore, we
4968 have designed this version of the GPL to prohibit the practice for those
4969 products. If such problems arise substantially in other domains, we
4970 stand ready to extend this provision to those domains in future versions
4971 of the GPL, as needed to protect the freedom of users.
4973 Finally, every program is threatened constantly by software patents.
4974 States should not allow patents to restrict development and use of
4975 software on general-purpose computers, but in those that do, we wish to
4976 avoid the special danger that patents applied to a free program could
4977 make it effectively proprietary. To prevent this, the GPL assures that
4978 patents cannot be used to render the program non-free.
4980 The precise terms and conditions for copying, distribution and
4981 modification follow.
4983 TERMS AND CONDITIONS
4984 ====================
4988 "This License" refers to version 3 of the GNU General Public
4991 "Copyright" also means copyright-like laws that apply to other
4992 kinds of works, such as semiconductor masks.
4994 "The Program" refers to any copyrightable work licensed under this
4995 License. Each licensee is addressed as "you". "Licensees" and
4996 "recipients" may be individuals or organizations.
4998 To "modify" a work means to copy from or adapt all or part of the
4999 work in a fashion requiring copyright permission, other than the
5000 making of an exact copy. The resulting work is called a "modified
5001 version" of the earlier work or a work "based on" the earlier work.
5003 A "covered work" means either the unmodified Program or a work
5004 based on the Program.
5006 To "propagate" a work means to do anything with it that, without
5007 permission, would make you directly or secondarily liable for
5008 infringement under applicable copyright law, except executing it on
5009 a computer or modifying a private copy. Propagation includes
5010 copying, distribution (with or without modification), making
5011 available to the public, and in some countries other activities as
5014 To "convey" a work means any kind of propagation that enables other
5015 parties to make or receive copies. Mere interaction with a user
5016 through a computer network, with no transfer of a copy, is not
5019 An interactive user interface displays "Appropriate Legal Notices"
5020 to the extent that it includes a convenient and prominently visible
5021 feature that (1) displays an appropriate copyright notice, and (2)
5022 tells the user that there is no warranty for the work (except to
5023 the extent that warranties are provided), that licensees may convey
5024 the work under this License, and how to view a copy of this
5025 License. If the interface presents a list of user commands or
5026 options, such as a menu, a prominent item in the list meets this
5031 The "source code" for a work means the preferred form of the work
5032 for making modifications to it. "Object code" means any non-source
5035 A "Standard Interface" means an interface that either is an
5036 official standard defined by a recognized standards body, or, in
5037 the case of interfaces specified for a particular programming
5038 language, one that is widely used among developers working in that
5041 The "System Libraries" of an executable work include anything,
5042 other than the work as a whole, that (a) is included in the normal
5043 form of packaging a Major Component, but which is not part of that
5044 Major Component, and (b) serves only to enable use of the work with
5045 that Major Component, or to implement a Standard Interface for
5046 which an implementation is available to the public in source code
5047 form. A "Major Component", in this context, means a major
5048 essential component (kernel, window system, and so on) of the
5049 specific operating system (if any) on which the executable work
5050 runs, or a compiler used to produce the work, or an object code
5051 interpreter used to run it.
5053 The "Corresponding Source" for a work in object code form means all
5054 the source code needed to generate, install, and (for an executable
5055 work) run the object code and to modify the work, including scripts
5056 to control those activities. However, it does not include the
5057 work's System Libraries, or general-purpose tools or generally
5058 available free programs which are used unmodified in performing
5059 those activities but which are not part of the work. For example,
5060 Corresponding Source includes interface definition files associated
5061 with source files for the work, and the source code for shared
5062 libraries and dynamically linked subprograms that the work is
5063 specifically designed to require, such as by intimate data
5064 communication or control flow between those subprograms and other
5067 The Corresponding Source need not include anything that users can
5068 regenerate automatically from other parts of the Corresponding
5071 The Corresponding Source for a work in source code form is that
5074 2. Basic Permissions.
5076 All rights granted under this License are granted for the term of
5077 copyright on the Program, and are irrevocable provided the stated
5078 conditions are met. This License explicitly affirms your unlimited
5079 permission to run the unmodified Program. The output from running
5080 a covered work is covered by this License only if the output, given
5081 its content, constitutes a covered work. This License acknowledges
5082 your rights of fair use or other equivalent, as provided by
5085 You may make, run and propagate covered works that you do not
5086 convey, without conditions so long as your license otherwise
5087 remains in force. You may convey covered works to others for the
5088 sole purpose of having them make modifications exclusively for you,
5089 or provide you with facilities for running those works, provided
5090 that you comply with the terms of this License in conveying all
5091 material for which you do not control copyright. Those thus making
5092 or running the covered works for you must do so exclusively on your
5093 behalf, under your direction and control, on terms that prohibit
5094 them from making any copies of your copyrighted material outside
5095 their relationship with you.
5097 Conveying under any other circumstances is permitted solely under
5098 the conditions stated below. Sublicensing is not allowed; section
5099 10 makes it unnecessary.
5101 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
5103 No covered work shall be deemed part of an effective technological
5104 measure under any applicable law fulfilling obligations under
5105 article 11 of the WIPO copyright treaty adopted on 20 December
5106 1996, or similar laws prohibiting or restricting circumvention of
5109 When you convey a covered work, you waive any legal power to forbid
5110 circumvention of technological measures to the extent such
5111 circumvention is effected by exercising rights under this License
5112 with respect to the covered work, and you disclaim any intention to
5113 limit operation or modification of the work as a means of
5114 enforcing, against the work's users, your or third parties' legal
5115 rights to forbid circumvention of technological measures.
5117 4. Conveying Verbatim Copies.
5119 You may convey verbatim copies of the Program's source code as you
5120 receive it, in any medium, provided that you conspicuously and
5121 appropriately publish on each copy an appropriate copyright notice;
5122 keep intact all notices stating that this License and any
5123 non-permissive terms added in accord with section 7 apply to the
5124 code; keep intact all notices of the absence of any warranty; and
5125 give all recipients a copy of this License along with the Program.
5127 You may charge any price or no price for each copy that you convey,
5128 and you may offer support or warranty protection for a fee.
5130 5. Conveying Modified Source Versions.
5132 You may convey a work based on the Program, or the modifications to
5133 produce it from the Program, in the form of source code under the
5134 terms of section 4, provided that you also meet all of these
5137 a. The work must carry prominent notices stating that you
5138 modified it, and giving a relevant date.
5140 b. The work must carry prominent notices stating that it is
5141 released under this License and any conditions added under
5142 section 7. This requirement modifies the requirement in
5143 section 4 to "keep intact all notices".
5145 c. You must license the entire work, as a whole, under this
5146 License to anyone who comes into possession of a copy. This
5147 License will therefore apply, along with any applicable
5148 section 7 additional terms, to the whole of the work, and all
5149 its parts, regardless of how they are packaged. This License
5150 gives no permission to license the work in any other way, but
5151 it does not invalidate such permission if you have separately
5154 d. If the work has interactive user interfaces, each must display
5155 Appropriate Legal Notices; however, if the Program has
5156 interactive interfaces that do not display Appropriate Legal
5157 Notices, your work need not make them do so.
5159 A compilation of a covered work with other separate and independent
5160 works, which are not by their nature extensions of the covered
5161 work, and which are not combined with it such as to form a larger
5162 program, in or on a volume of a storage or distribution medium, is
5163 called an "aggregate" if the compilation and its resulting
5164 copyright are not used to limit the access or legal rights of the
5165 compilation's users beyond what the individual works permit.
5166 Inclusion of a covered work in an aggregate does not cause this
5167 License to apply to the other parts of the aggregate.
5169 6. Conveying Non-Source Forms.
5171 You may convey a covered work in object code form under the terms
5172 of sections 4 and 5, provided that you also convey the
5173 machine-readable Corresponding Source under the terms of this
5174 License, in one of these ways:
5176 a. Convey the object code in, or embodied in, a physical product
5177 (including a physical distribution medium), accompanied by the
5178 Corresponding Source fixed on a durable physical medium
5179 customarily used for software interchange.
5181 b. Convey the object code in, or embodied in, a physical product
5182 (including a physical distribution medium), accompanied by a
5183 written offer, valid for at least three years and valid for as
5184 long as you offer spare parts or customer support for that
5185 product model, to give anyone who possesses the object code
5186 either (1) a copy of the Corresponding Source for all the
5187 software in the product that is covered by this License, on a
5188 durable physical medium customarily used for software
5189 interchange, for a price no more than your reasonable cost of
5190 physically performing this conveying of source, or (2) access
5191 to copy the Corresponding Source from a network server at no
5194 c. Convey individual copies of the object code with a copy of the
5195 written offer to provide the Corresponding Source. This
5196 alternative is allowed only occasionally and noncommercially,
5197 and only if you received the object code with such an offer,
5198 in accord with subsection 6b.
5200 d. Convey the object code by offering access from a designated
5201 place (gratis or for a charge), and offer equivalent access to
5202 the Corresponding Source in the same way through the same
5203 place at no further charge. You need not require recipients
5204 to copy the Corresponding Source along with the object code.
5205 If the place to copy the object code is a network server, the
5206 Corresponding Source may be on a different server (operated by
5207 you or a third party) that supports equivalent copying
5208 facilities, provided you maintain clear directions next to the
5209 object code saying where to find the Corresponding Source.
5210 Regardless of what server hosts the Corresponding Source, you
5211 remain obligated to ensure that it is available for as long as
5212 needed to satisfy these requirements.
5214 e. Convey the object code using peer-to-peer transmission,
5215 provided you inform other peers where the object code and
5216 Corresponding Source of the work are being offered to the
5217 general public at no charge under subsection 6d.
5219 A separable portion of the object code, whose source code is
5220 excluded from the Corresponding Source as a System Library, need
5221 not be included in conveying the object code work.
5223 A "User Product" is either (1) a "consumer product", which means
5224 any tangible personal property which is normally used for personal,
5225 family, or household purposes, or (2) anything designed or sold for
5226 incorporation into a dwelling. In determining whether a product is
5227 a consumer product, doubtful cases shall be resolved in favor of
5228 coverage. For a particular product received by a particular user,
5229 "normally used" refers to a typical or common use of that class of
5230 product, regardless of the status of the particular user or of the
5231 way in which the particular user actually uses, or expects or is
5232 expected to use, the product. A product is a consumer product
5233 regardless of whether the product has substantial commercial,
5234 industrial or non-consumer uses, unless such uses represent the
5235 only significant mode of use of the product.
5237 "Installation Information" for a User Product means any methods,
5238 procedures, authorization keys, or other information required to
5239 install and execute modified versions of a covered work in that
5240 User Product from a modified version of its Corresponding Source.
5241 The information must suffice to ensure that the continued
5242 functioning of the modified object code is in no case prevented or
5243 interfered with solely because modification has been made.
5245 If you convey an object code work under this section in, or with,
5246 or specifically for use in, a User Product, and the conveying
5247 occurs as part of a transaction in which the right of possession
5248 and use of the User Product is transferred to the recipient in
5249 perpetuity or for a fixed term (regardless of how the transaction
5250 is characterized), the Corresponding Source conveyed under this
5251 section must be accompanied by the Installation Information. But
5252 this requirement does not apply if neither you nor any third party
5253 retains the ability to install modified object code on the User
5254 Product (for example, the work has been installed in ROM).
5256 The requirement to provide Installation Information does not
5257 include a requirement to continue to provide support service,
5258 warranty, or updates for a work that has been modified or installed
5259 by the recipient, or for the User Product in which it has been
5260 modified or installed. Access to a network may be denied when the
5261 modification itself materially and adversely affects the operation
5262 of the network or violates the rules and protocols for
5263 communication across the network.
5265 Corresponding Source conveyed, and Installation Information
5266 provided, in accord with this section must be in a format that is
5267 publicly documented (and with an implementation available to the
5268 public in source code form), and must require no special password
5269 or key for unpacking, reading or copying.
5271 7. Additional Terms.
5273 "Additional permissions" are terms that supplement the terms of
5274 this License by making exceptions from one or more of its
5275 conditions. Additional permissions that are applicable to the
5276 entire Program shall be treated as though they were included in
5277 this License, to the extent that they are valid under applicable
5278 law. If additional permissions apply only to part of the Program,
5279 that part may be used separately under those permissions, but the
5280 entire Program remains governed by this License without regard to
5281 the additional permissions.
5283 When you convey a copy of a covered work, you may at your option
5284 remove any additional permissions from that copy, or from any part
5285 of it. (Additional permissions may be written to require their own
5286 removal in certain cases when you modify the work.) You may place
5287 additional permissions on material, added by you to a covered work,
5288 for which you have or can give appropriate copyright permission.
5290 Notwithstanding any other provision of this License, for material
5291 you add to a covered work, you may (if authorized by the copyright
5292 holders of that material) supplement the terms of this License with
5295 a. Disclaiming warranty or limiting liability differently from
5296 the terms of sections 15 and 16 of this License; or
5298 b. Requiring preservation of specified reasonable legal notices
5299 or author attributions in that material or in the Appropriate
5300 Legal Notices displayed by works containing it; or
5302 c. Prohibiting misrepresentation of the origin of that material,
5303 or requiring that modified versions of such material be marked
5304 in reasonable ways as different from the original version; or
5306 d. Limiting the use for publicity purposes of names of licensors
5307 or authors of the material; or
5309 e. Declining to grant rights under trademark law for use of some
5310 trade names, trademarks, or service marks; or
5312 f. Requiring indemnification of licensors and authors of that
5313 material by anyone who conveys the material (or modified
5314 versions of it) with contractual assumptions of liability to
5315 the recipient, for any liability that these contractual
5316 assumptions directly impose on those licensors and authors.
5318 All other non-permissive additional terms are considered "further
5319 restrictions" within the meaning of section 10. If the Program as
5320 you received it, or any part of it, contains a notice stating that
5321 it is governed by this License along with a term that is a further
5322 restriction, you may remove that term. If a license document
5323 contains a further restriction but permits relicensing or conveying
5324 under this License, you may add to a covered work material governed
5325 by the terms of that license document, provided that the further
5326 restriction does not survive such relicensing or conveying.
5328 If you add terms to a covered work in accord with this section, you
5329 must place, in the relevant source files, a statement of the
5330 additional terms that apply to those files, or a notice indicating
5331 where to find the applicable terms.
5333 Additional terms, permissive or non-permissive, may be stated in
5334 the form of a separately written license, or stated as exceptions;
5335 the above requirements apply either way.
5339 You may not propagate or modify a covered work except as expressly
5340 provided under this License. Any attempt otherwise to propagate or
5341 modify it is void, and will automatically terminate your rights
5342 under this License (including any patent licenses granted under the
5343 third paragraph of section 11).
5345 However, if you cease all violation of this License, then your
5346 license from a particular copyright holder is reinstated (a)
5347 provisionally, unless and until the copyright holder explicitly and
5348 finally terminates your license, and (b) permanently, if the
5349 copyright holder fails to notify you of the violation by some
5350 reasonable means prior to 60 days after the cessation.
5352 Moreover, your license from a particular copyright holder is
5353 reinstated permanently if the copyright holder notifies you of the
5354 violation by some reasonable means, this is the first time you have
5355 received notice of violation of this License (for any work) from
5356 that copyright holder, and you cure the violation prior to 30 days
5357 after your receipt of the notice.
5359 Termination of your rights under this section does not terminate
5360 the licenses of parties who have received copies or rights from you
5361 under this License. If your rights have been terminated and not
5362 permanently reinstated, you do not qualify to receive new licenses
5363 for the same material under section 10.
5365 9. Acceptance Not Required for Having Copies.
5367 You are not required to accept this License in order to receive or
5368 run a copy of the Program. Ancillary propagation of a covered work
5369 occurring solely as a consequence of using peer-to-peer
5370 transmission to receive a copy likewise does not require
5371 acceptance. However, nothing other than this License grants you
5372 permission to propagate or modify any covered work. These actions
5373 infringe copyright if you do not accept this License. Therefore,
5374 by modifying or propagating a covered work, you indicate your
5375 acceptance of this License to do so.
5377 10. Automatic Licensing of Downstream Recipients.
5379 Each time you convey a covered work, the recipient automatically
5380 receives a license from the original licensors, to run, modify and
5381 propagate that work, subject to this License. You are not
5382 responsible for enforcing compliance by third parties with this
5385 An "entity transaction" is a transaction transferring control of an
5386 organization, or substantially all assets of one, or subdividing an
5387 organization, or merging organizations. If propagation of a
5388 covered work results from an entity transaction, each party to that
5389 transaction who receives a copy of the work also receives whatever
5390 licenses to the work the party's predecessor in interest had or
5391 could give under the previous paragraph, plus a right to possession
5392 of the Corresponding Source of the work from the predecessor in
5393 interest, if the predecessor has it or can get it with reasonable
5396 You may not impose any further restrictions on the exercise of the
5397 rights granted or affirmed under this License. For example, you
5398 may not impose a license fee, royalty, or other charge for exercise
5399 of rights granted under this License, and you may not initiate
5400 litigation (including a cross-claim or counterclaim in a lawsuit)
5401 alleging that any patent claim is infringed by making, using,
5402 selling, offering for sale, or importing the Program or any portion
5407 A "contributor" is a copyright holder who authorizes use under this
5408 License of the Program or a work on which the Program is based.
5409 The work thus licensed is called the contributor's "contributor
5412 A contributor's "essential patent claims" are all patent claims
5413 owned or controlled by the contributor, whether already acquired or
5414 hereafter acquired, that would be infringed by some manner,
5415 permitted by this License, of making, using, or selling its
5416 contributor version, but do not include claims that would be
5417 infringed only as a consequence of further modification of the
5418 contributor version. For purposes of this definition, "control"
5419 includes the right to grant patent sublicenses in a manner
5420 consistent with the requirements of this License.
5422 Each contributor grants you a non-exclusive, worldwide,
5423 royalty-free patent license under the contributor's essential
5424 patent claims, to make, use, sell, offer for sale, import and
5425 otherwise run, modify and propagate the contents of its contributor
5428 In the following three paragraphs, a "patent license" is any
5429 express agreement or commitment, however denominated, not to
5430 enforce a patent (such as an express permission to practice a
5431 patent or covenant not to sue for patent infringement). To "grant"
5432 such a patent license to a party means to make such an agreement or
5433 commitment not to enforce a patent against the party.
5435 If you convey a covered work, knowingly relying on a patent
5436 license, and the Corresponding Source of the work is not available
5437 for anyone to copy, free of charge and under the terms of this
5438 License, through a publicly available network server or other
5439 readily accessible means, then you must either (1) cause the
5440 Corresponding Source to be so available, or (2) arrange to deprive
5441 yourself of the benefit of the patent license for this particular
5442 work, or (3) arrange, in a manner consistent with the requirements
5443 of this License, to extend the patent license to downstream
5444 recipients. "Knowingly relying" means you have actual knowledge
5445 that, but for the patent license, your conveying the covered work
5446 in a country, or your recipient's use of the covered work in a
5447 country, would infringe one or more identifiable patents in that
5448 country that you have reason to believe are valid.
5450 If, pursuant to or in connection with a single transaction or
5451 arrangement, you convey, or propagate by procuring conveyance of, a
5452 covered work, and grant a patent license to some of the parties
5453 receiving the covered work authorizing them to use, propagate,
5454 modify or convey a specific copy of the covered work, then the
5455 patent license you grant is automatically extended to all
5456 recipients of the covered work and works based on it.
5458 A patent license is "discriminatory" if it does not include within
5459 the scope of its coverage, prohibits the exercise of, or is
5460 conditioned on the non-exercise of one or more of the rights that
5461 are specifically granted under this License. You may not convey a
5462 covered work if you are a party to an arrangement with a third
5463 party that is in the business of distributing software, under which
5464 you make payment to the third party based on the extent of your
5465 activity of conveying the work, and under which the third party
5466 grants, to any of the parties who would receive the covered work
5467 from you, a discriminatory patent license (a) in connection with
5468 copies of the covered work conveyed by you (or copies made from
5469 those copies), or (b) primarily for and in connection with specific
5470 products or compilations that contain the covered work, unless you
5471 entered into that arrangement, or that patent license was granted,
5472 prior to 28 March 2007.
5474 Nothing in this License shall be construed as excluding or limiting
5475 any implied license or other defenses to infringement that may
5476 otherwise be available to you under applicable patent law.
5478 12. No Surrender of Others' Freedom.
5480 If conditions are imposed on you (whether by court order, agreement
5481 or otherwise) that contradict the conditions of this License, they
5482 do not excuse you from the conditions of this License. If you
5483 cannot convey a covered work so as to satisfy simultaneously your
5484 obligations under this License and any other pertinent obligations,
5485 then as a consequence you may not convey it at all. For example,
5486 if you agree to terms that obligate you to collect a royalty for
5487 further conveying from those to whom you convey the Program, the
5488 only way you could satisfy both those terms and this License would
5489 be to refrain entirely from conveying the Program.
5491 13. Use with the GNU Affero General Public License.
5493 Notwithstanding any other provision of this License, you have
5494 permission to link or combine any covered work with a work licensed
5495 under version 3 of the GNU Affero General Public License into a
5496 single combined work, and to convey the resulting work. The terms
5497 of this License will continue to apply to the part which is the
5498 covered work, but the special requirements of the GNU Affero
5499 General Public License, section 13, concerning interaction through
5500 a network will apply to the combination as such.
5502 14. Revised Versions of this License.
5504 The Free Software Foundation may publish revised and/or new
5505 versions of the GNU General Public License from time to time. Such
5506 new versions will be similar in spirit to the present version, but
5507 may differ in detail to address new problems or concerns.
5509 Each version is given a distinguishing version number. If the
5510 Program specifies that a certain numbered version of the GNU
5511 General Public License "or any later version" applies to it, you
5512 have the option of following the terms and conditions either of
5513 that numbered version or of any later version published by the Free
5514 Software Foundation. If the Program does not specify a version
5515 number of the GNU General Public License, you may choose any
5516 version ever published by the Free Software Foundation.
5518 If the Program specifies that a proxy can decide which future
5519 versions of the GNU General Public License can be used, that
5520 proxy's public statement of acceptance of a version permanently
5521 authorizes you to choose that version for the Program.
5523 Later license versions may give you additional or different
5524 permissions. However, no additional obligations are imposed on any
5525 author or copyright holder as a result of your choosing to follow a
5528 15. Disclaimer of Warranty.
5530 THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
5531 APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE
5532 COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
5533 WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
5534 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
5535 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE
5536 RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
5537 SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
5538 NECESSARY SERVICING, REPAIR OR CORRECTION.
5540 16. Limitation of Liability.
5542 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
5543 WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
5544 AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR
5545 DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
5546 CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
5547 THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
5548 BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
5549 PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
5550 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
5551 THE POSSIBILITY OF SUCH DAMAGES.
5553 17. Interpretation of Sections 15 and 16.
5555 If the disclaimer of warranty and limitation of liability provided
5556 above cannot be given local legal effect according to their terms,
5557 reviewing courts shall apply local law that most closely
5558 approximates an absolute waiver of all civil liability in
5559 connection with the Program, unless a warranty or assumption of
5560 liability accompanies a copy of the Program in return for a fee.
5562 END OF TERMS AND CONDITIONS
5563 ===========================
5565 How to Apply These Terms to Your New Programs
5566 =============================================
5568 If you develop a new program, and you want it to be of the greatest
5569 possible use to the public, the best way to achieve this is to make it
5570 free software which everyone can redistribute and change under these
5573 To do so, attach the following notices to the program. It is safest to
5574 attach them to the start of each source file to most effectively state
5575 the exclusion of warranty; and each file should have at least the
5576 "copyright" line and a pointer to where the full notice is found.
5578 ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES.
5579 Copyright (C) YEAR NAME OF AUTHOR
5581 This program is free software: you can redistribute it and/or modify
5582 it under the terms of the GNU General Public License as published by
5583 the Free Software Foundation, either version 3 of the License, or (at
5584 your option) any later version.
5586 This program is distributed in the hope that it will be useful, but
5587 WITHOUT ANY WARRANTY; without even the implied warranty of
5588 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5589 General Public License for more details.
5591 You should have received a copy of the GNU General Public License
5592 along with this program. If not, see 'http://www.gnu.org/licenses/'.
5594 Also add information on how to contact you by electronic and paper mail.
5596 If the program does terminal interaction, make it output a short notice
5597 like this when it starts in an interactive mode:
5599 PROGRAM Copyright (C) YEAR NAME OF AUTHOR
5600 This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'.
5601 This is free software, and you are welcome to redistribute it
5602 under certain conditions; type 'show c' for details.
5604 The hypothetical commands 'show w' and 'show c' should show the
5605 appropriate parts of the General Public License. Of course, your
5606 program's commands might be different; for a GUI interface, you would
5609 You should also get your employer (if you work as a programmer) or
5610 school, if any, to sign a "copyright disclaimer" for the program, if
5611 necessary. For more information on this, and how to apply and follow
5612 the GNU GPL, see 'http://www.gnu.org/licenses/'.
5614 The GNU General Public License does not permit incorporating your
5615 program into proprietary programs. If your program is a subroutine
5616 library, you may consider it more useful to permit linking proprietary
5617 applications with the library. If this is what you want to do, use the
5618 GNU Lesser General Public License instead of this License. But first,
5619 please read 'http://www.gnu.org/philosophy/why-not-lgpl.html'.
5622 File: gnutls.info, Node: Bibliography, Next: Function and Data Index, Prev: Copying Information, Up: Top
5628 Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems
5629 and Countermeasures", 2002, available from
5630 'http://www.openssl.org/~bodo/tls-cbc.txt'.
5633 Mike Ashley, "The GNU Privacy Handbook", 2002, available from
5634 'http://www.gnupg.org/gph/en/manual.pdf'.
5637 Peter Gutmann, "Everything you never wanted to know about PKI but
5638 were forced to find out", Available from
5639 'http://www.cs.auckland.ac.nz/~pgut001/'.
5642 NIST Special Publication 800-57, "Recommendation for Key Management
5643 - Part 1: General (Revised)", March 2007, available from
5644 'http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf'.
5647 Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
5648 January 1999, Available from 'http://www.ietf.org/rfc/rfc2246.txt'.
5651 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
5652 2006, Available from 'http://www.ietf.org/rfc/rfc4346.txt'.
5655 Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer,
5656 "OpenPGP Message Format", November 1998, Available from
5657 'http://www.ietf.org/rfc/rfc2440.txt'.
5660 Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
5661 Thayer, "OpenPGP Message Format", November 2007, Available from
5662 'http://www.ietf.org/rfc/rfc4880.txt'.
5665 J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
5666 Request Message Format (CRMF)", September 2005, Available from
5667 'http://www.ietf.org/rfc/rfc4211.txt'.
5670 Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
5671 May 2000, Available from 'http://www.ietf.org/rfc/rfc2817.txt'
5674 Eric Rescorla, "HTTP Over TLS", May 2000, Available from
5675 'http://www.ietf/rfc/rfc2818.txt'.
5678 Tom Wu, "The SRP Authentication and Key Exchange System", September
5679 2000, Available from 'http://www.ietf.org/rfc/rfc2945.txt'.
5682 Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification
5683 Request Syntax Specification", November 2000, Available from
5684 'http://www.ietf.org/rfc/rfc2986.txt'.
5687 D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
5688 "Internet X.509 Public Key Infrastructure Certificate and
5689 Certificate Revocation List (CRL) Profile", May 2008, available
5690 from 'http://www.ietf.org/rfc/rfc5280.txt'.
5693 Scott Hollenbeck, "Transport Layer Security Protocol Compression
5694 Methods", May 2004, available from
5695 'http://www.ietf.org/rfc/rfc3749.txt'.
5698 Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
5699 Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
5700 Certificate Profile", June 2004, available from
5701 'http://www.ietf.org/rfc/rfc3820'.
5704 E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
5705 Security (TLS) Renegotiation Indication Extension", February 2010,
5706 available from 'http://www.ietf.org/rfc/rfc5746'.
5709 Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig,
5710 "Transport Layer Security (TLS) Session Resumption without
5711 Server-Side State", January 2008, available from
5712 'http://www.ietf.org/rfc/rfc5077'.
5715 RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
5716 Syntax", June 1999, Available from 'http://www.rsa.com'.
5719 RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki –
5720 Draft 4", July 2009, Available from 'http://www.rsa.com'.
5723 Eric Rescorla, "SSL and TLS: Designing and Building Secure
5727 Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key
5728 Sizes", 2003, available from
5729 'http://www.win.tue.nl/~klenstra/key.pdf'.
5732 Alan Freier, Philip Karlton and Paul Kocher, "The SSL Protocol
5733 Version 3.0", November 1996, Available from
5734 'http://wp.netscape.com/eng/ssl3/draft302.txt'.
5737 Richard Stevens, "UNIX Network Programming, Volume 1", Prentice
5738 Hall PTR, January 1998
5741 Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen
5742 and Tim Wright, "Transport Layer Security (TLS) Extensions", June
5743 2003, Available from 'http://www.ietf.org/rfc/rfc3546.txt'.
5746 Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS
5747 authentication", January 2011. Available from
5748 'http://www.ietf.org/rfc/rfc6091.txt'.
5751 David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
5752 "Using SRP for TLS Authentication", November 2007. Available from
5753 'http://www.ietf.org/rfc/rfc5054.txt'.
5756 Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
5757 TLS", December 2005, Available from
5758 'http://www.ietf.org/rfc/rfc4279.txt'.
5761 Tom Wu, "The Stanford SRP Authentication Project", Available at
5762 'http://srp.stanford.edu/'.
5765 Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
5766 Certificates", Cryptology ePrint Archive, Report 2005/067,
5767 Available at 'http://eprint.iacr.org/'.
5770 European Network of Excellence in Cryptology II, "ECRYPT II Yearly
5771 Report on Algorithms and Keysizes (2009-2010)", Available at
5772 'http://www.ecrypt.eu.org/documents/D.SPA.13.pdf'.
5775 N. Williams, "On the Use of Channel Bindings to Secure Channels",
5776 November 2007, available from 'http://www.ietf.org/rfc/rfc5056'.
5779 J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July
5780 2010, available from 'http://www.ietf.org/rfc/rfc5929'.
5783 File: gnutls.info, Node: Function and Data Index, Next: Concept Index, Prev: Bibliography, Up: Top
5785 Function and Data Index
5786 ***********************
5791 * alert-description->string: Core Interface. (line 415)
5792 * alert-get: Core Interface. (line 314)
5793 * alert-level->string: Core Interface. (line 418)
5794 * alert-send: Core Interface. (line 311)
5795 * anonymous-client-credentials?: Core Interface. (line 364)
5796 * anonymous-server-credentials?: Core Interface. (line 361)
5797 * bye: Core Interface. (line 323)
5798 * certificate-credentials?: Core Interface. (line 352)
5799 * certificate-request->string: Core Interface. (line 405)
5800 * certificate-status->string: Core Interface. (line 408)
5801 * certificate-type->string: Core Interface. (line 396)
5802 * certificate-verify->string: Core Interface. (line 373)
5803 * cipher->string: Core Interface. (line 442)
5804 * cipher-suite->string: Core Interface. (line 232)
5805 * close-request->string: Core Interface. (line 402)
5806 * compression-method->string: Core Interface. (line 424)
5807 * connection-end->string: Core Interface. (line 421)
5808 * credentials->string: Core Interface. (line 433)
5809 * dh-parameters?: Core Interface. (line 358)
5810 * digest->string: Core Interface. (line 427)
5811 * error->string: Exception Handling. (line 6)
5812 * error->string <1>: Core Interface. (line 370)
5813 * gnutls-version: Core Interface. (line 330)
5814 * gnutls_alert_get: Core functions. (line 24)
5815 * gnutls_alert_get_name: Core functions. (line 11)
5816 * gnutls_alert_send: Core functions. (line 65)
5817 * gnutls_alert_send_appropriate: Core functions. (line 42)
5818 * gnutls_anon_allocate_client_credentials: Core functions. (line 89)
5819 * gnutls_anon_allocate_server_credentials: Core functions. (line 101)
5820 * gnutls_anon_free_client_credentials: Core functions. (line 113)
5821 * gnutls_anon_free_server_credentials: Core functions. (line 123)
5822 * gnutls_anon_set_params_function: Core functions. (line 133)
5823 * gnutls_anon_set_server_dh_params: Core functions. (line 147)
5824 * gnutls_anon_set_server_params_function: Core functions. (line 161)
5825 * gnutls_auth_client_get_type: Core functions. (line 175)
5826 * gnutls_auth_get_type: Core functions. (line 189)
5827 * gnutls_auth_server_get_type: Core functions. (line 207)
5828 * gnutls_bye: Core functions. (line 221)
5829 * gnutls_certificate_activation_time_peers: Core functions. (line 258)
5830 * gnutls_certificate_allocate_credentials: Core functions. (line 273)
5831 * gnutls_certificate_client_get_request_status: Core functions.
5833 * gnutls_certificate_client_set_retrieve_function: Core functions.
5835 * gnutls_certificate_expiration_time_peers: Core functions. (line 338)
5836 * gnutls_certificate_free_cas: Core functions. (line 369)
5837 * gnutls_certificate_free_ca_names: Core functions. (line 352)
5838 * gnutls_certificate_free_credentials: Core functions. (line 381)
5839 * gnutls_certificate_free_crls: Core functions. (line 395)
5840 * gnutls_certificate_free_keys: Core functions. (line 405)
5841 * gnutls_certificate_get_issuer: Core functions. (line 417)
5842 * gnutls_certificate_get_openpgp_keyring: Core functions. (line 437)
5843 * gnutls_certificate_get_ours: Core functions. (line 452)
5844 * gnutls_certificate_get_peers: Core functions. (line 467)
5845 * gnutls_certificate_get_x509_cas: Core functions. (line 489)
5846 * gnutls_certificate_get_x509_crls: Core functions. (line 507)
5847 * gnutls_certificate_send_x509_rdn_sequence: Core functions. (line 525)
5848 * gnutls_certificate_server_set_request: Core functions. (line 543)
5849 * gnutls_certificate_server_set_retrieve_function: Core functions.
5851 * gnutls_certificate_set_dh_params: Core functions. (line 584)
5852 * gnutls_certificate_set_openpgp_key: OpenPGP functions. (line 157)
5853 * gnutls_certificate_set_openpgp_keyring_file: OpenPGP functions.
5855 * gnutls_certificate_set_openpgp_keyring_mem: OpenPGP functions.
5857 * gnutls_certificate_set_openpgp_key_file: OpenPGP functions.
5859 * gnutls_certificate_set_openpgp_key_file2: OpenPGP functions.
5861 * gnutls_certificate_set_openpgp_key_mem: OpenPGP functions. (line 93)
5862 * gnutls_certificate_set_openpgp_key_mem2: OpenPGP functions.
5864 * gnutls_certificate_set_params_function: Core functions. (line 601)
5865 * gnutls_certificate_set_retrieve_function: Core functions. (line 615)
5866 * gnutls_certificate_set_rsa_export_params: Core functions. (line 656)
5867 * gnutls_certificate_set_verify_flags: Core functions. (line 670)
5868 * gnutls_certificate_set_verify_function: Core functions. (line 683)
5869 * gnutls_certificate_set_verify_limits: Core functions. (line 712)
5870 * gnutls_certificate_set_x509_crl: Core functions. (line 773)
5871 * gnutls_certificate_set_x509_crl_file: Core functions. (line 731)
5872 * gnutls_certificate_set_x509_crl_mem: Core functions. (line 752)
5873 * gnutls_certificate_set_x509_key: Core functions. (line 866)
5874 * gnutls_certificate_set_x509_key_file: Core functions. (line 796)
5875 * gnutls_certificate_set_x509_key_mem: Core functions. (line 827)
5876 * gnutls_certificate_set_x509_simple_pkcs12_file: Core functions.
5878 * gnutls_certificate_set_x509_simple_pkcs12_mem: Core functions.
5880 * gnutls_certificate_set_x509_trust: Core functions. (line 1028)
5881 * gnutls_certificate_set_x509_trust_file: Core functions. (line 974)
5882 * gnutls_certificate_set_x509_trust_mem: Core functions. (line 1003)
5883 * gnutls_certificate_type_get: Core functions. (line 1078)
5884 * gnutls_certificate_type_get_id: Core functions. (line 1054)
5885 * gnutls_certificate_type_get_name: Core functions. (line 1066)
5886 * gnutls_certificate_type_list: Core functions. (line 1091)
5887 * gnutls_certificate_type_set_priority: Core functions. (line 1104)
5888 * gnutls_certificate_verify_flags: Verifying X.509 certificate paths.
5890 * gnutls_certificate_verify_peers: Core functions. (line 1147)
5891 * gnutls_certificate_verify_peers2: Core functions. (line 1122)
5892 * gnutls_check_version: Core functions. (line 1166)
5893 * gnutls_cipher_decrypt: Core functions. (line 1206)
5894 * gnutls_cipher_decrypt2: Core functions. (line 1183)
5895 * gnutls_cipher_deinit: Core functions. (line 1224)
5896 * gnutls_cipher_encrypt: Core functions. (line 1258)
5897 * gnutls_cipher_encrypt2: Core functions. (line 1235)
5898 * gnutls_cipher_get: Core functions. (line 1325)
5899 * gnutls_cipher_get_block_size: Core functions. (line 1276)
5900 * gnutls_cipher_get_id: Core functions. (line 1289)
5901 * gnutls_cipher_get_key_size: Core functions. (line 1301)
5902 * gnutls_cipher_get_name: Core functions. (line 1313)
5903 * gnutls_cipher_init: Core functions. (line 1337)
5904 * gnutls_cipher_list: Core functions. (line 1360)
5905 * gnutls_cipher_set_priority: Core functions. (line 1374)
5906 * gnutls_cipher_suite_get_name: Core functions. (line 1391)
5907 * gnutls_cipher_suite_info: Core functions. (line 1409)
5908 * gnutls_compression_get: Core functions. (line 1460)
5909 * gnutls_compression_get_id: Core functions. (line 1436)
5910 * gnutls_compression_get_name: Core functions. (line 1448)
5911 * gnutls_compression_list: Core functions. (line 1472)
5912 * gnutls_compression_set_priority: Core functions. (line 1485)
5913 * gnutls_credentials_clear: Core functions. (line 1508)
5914 * gnutls_credentials_set: Core functions. (line 1516)
5915 * gnutls_crypto_bigint_register2: Core functions. (line 1551)
5916 * gnutls_crypto_cipher_register2: Core functions. (line 1580)
5917 * gnutls_crypto_digest_register2: Core functions. (line 1606)
5918 * gnutls_crypto_mac_register2: Core functions. (line 1632)
5919 * gnutls_crypto_pk_register2: Core functions. (line 1657)
5920 * gnutls_crypto_rnd_register2: Core functions. (line 1686)
5921 * gnutls_crypto_single_cipher_register2: Core functions. (line 1712)
5922 * gnutls_crypto_single_digest_register2: Core functions. (line 1741)
5923 * gnutls_crypto_single_mac_register2: Core functions. (line 1770)
5924 * gnutls_db_check_entry: Core functions. (line 1798)
5925 * gnutls_db_get_ptr: Core functions. (line 1814)
5926 * gnutls_db_remove_session: Core functions. (line 1825)
5927 * gnutls_db_set_cache_expiration: Core functions. (line 1839)
5928 * gnutls_db_set_ptr: Core functions. (line 1851)
5929 * gnutls_db_set_remove_function: Core functions. (line 1863)
5930 * gnutls_db_set_retrieve_function: Core functions. (line 1878)
5931 * gnutls_db_set_store_function: Core functions. (line 1898)
5932 * gnutls_deinit: Core functions. (line 1913)
5933 * gnutls_dh_get_group: Core functions. (line 1923)
5934 * gnutls_dh_get_peers_public_bits: Core functions. (line 1943)
5935 * gnutls_dh_get_prime_bits: Core functions. (line 1956)
5936 * gnutls_dh_get_pubkey: Core functions. (line 1972)
5937 * gnutls_dh_get_secret_bits: Core functions. (line 1989)
5938 * gnutls_dh_params_cpy: Core functions. (line 2002)
5939 * gnutls_dh_params_deinit: Core functions. (line 2017)
5940 * gnutls_dh_params_export_pkcs3: Core functions. (line 2026)
5941 * gnutls_dh_params_export_raw: Core functions. (line 2053)
5942 * gnutls_dh_params_generate2: Core functions. (line 2075)
5943 * gnutls_dh_params_import_pkcs3: Core functions. (line 2098)
5944 * gnutls_dh_params_import_raw: Core functions. (line 2120)
5945 * gnutls_dh_params_init: Core functions. (line 2139)
5946 * gnutls_dh_set_prime_bits: Core functions. (line 2150)
5947 * gnutls_error_is_fatal: Core functions. (line 2170)
5948 * gnutls_error_to_alert: Core functions. (line 2188)
5949 * gnutls_extra_check_version: GnuTLS-extra functions.
5951 * gnutls_ext_register: Core functions. (line 2207)
5952 * gnutls_fingerprint: Core functions. (line 2229)
5953 * gnutls_free: Core functions. (line 2256)
5954 * gnutls_global_deinit: Core functions. (line 2265)
5955 * gnutls_global_init: Core functions. (line 2276)
5956 * gnutls_global_init_extra: GnuTLS-extra functions.
5958 * gnutls_global_set_log_function: Core functions. (line 2307)
5959 * gnutls_global_set_log_level: Core functions. (line 2322)
5960 * gnutls_global_set_mem_functions: Core functions. (line 2335)
5961 * gnutls_global_set_mutex: Core functions. (line 2367)
5962 * gnutls_global_set_time_function: Core functions. (line 2390)
5963 * gnutls_handshake: Core functions. (line 2501)
5964 * gnutls_handshake_get_last_in: Core functions. (line 2403)
5965 * gnutls_handshake_get_last_out: Core functions. (line 2420)
5966 * gnutls_handshake_set_max_packet_length: Core functions. (line 2437)
5967 * gnutls_handshake_set_post_client_hello_function: Core functions.
5969 * gnutls_handshake_set_private_extensions: Core functions. (line 2481)
5970 * gnutls_hash: Core functions. (line 2610)
5971 * gnutls_hash_deinit: Core functions. (line 2531)
5972 * gnutls_hash_fast: Core functions. (line 2545)
5973 * gnutls_hash_get_len: Core functions. (line 2565)
5974 * gnutls_hash_init: Core functions. (line 2579)
5975 * gnutls_hash_output: Core functions. (line 2597)
5976 * gnutls_hex2bin: Core functions. (line 2628)
5977 * gnutls_hex_decode: Core functions. (line 2648)
5978 * gnutls_hex_encode: Core functions. (line 2667)
5979 * gnutls_hmac: Core functions. (line 2772)
5980 * gnutls_hmac_deinit: Core functions. (line 2684)
5981 * gnutls_hmac_fast: Core functions. (line 2698)
5982 * gnutls_hmac_get_len: Core functions. (line 2723)
5983 * gnutls_hmac_init: Core functions. (line 2736)
5984 * gnutls_hmac_output: Core functions. (line 2759)
5985 * gnutls_ia_allocate_client_credentials: TLS Inner Application (TLS/IA) functions.
5987 * gnutls_ia_allocate_server_credentials: TLS Inner Application (TLS/IA) functions.
5989 * gnutls_ia_enable: TLS Inner Application (TLS/IA) functions.
5991 * gnutls_ia_endphase_send: TLS Inner Application (TLS/IA) functions.
5993 * gnutls_ia_extract_inner_secret: TLS Inner Application (TLS/IA) functions.
5995 * gnutls_ia_free_client_credentials: TLS Inner Application (TLS/IA) functions.
5997 * gnutls_ia_free_server_credentials: TLS Inner Application (TLS/IA) functions.
5999 * gnutls_ia_generate_challenge: TLS Inner Application (TLS/IA) functions.
6001 * gnutls_ia_get_client_avp_ptr: TLS Inner Application (TLS/IA) functions.
6003 * gnutls_ia_get_server_avp_ptr: TLS Inner Application (TLS/IA) functions.
6005 * gnutls_ia_handshake: TLS Inner Application (TLS/IA) functions.
6007 * gnutls_ia_handshake_p: TLS Inner Application (TLS/IA) functions.
6009 * gnutls_ia_permute_inner_secret: TLS Inner Application (TLS/IA) functions.
6011 * gnutls_ia_recv: TLS Inner Application (TLS/IA) functions.
6013 * gnutls_ia_send: TLS Inner Application (TLS/IA) functions.
6015 * gnutls_ia_set_client_avp_function: TLS Inner Application (TLS/IA) functions.
6017 * gnutls_ia_set_client_avp_ptr: TLS Inner Application (TLS/IA) functions.
6019 * gnutls_ia_set_server_avp_function: TLS Inner Application (TLS/IA) functions.
6021 * gnutls_ia_set_server_avp_ptr: TLS Inner Application (TLS/IA) functions.
6023 * gnutls_ia_verify_endphase: TLS Inner Application (TLS/IA) functions.
6025 * gnutls_init: Core functions. (line 2790)
6026 * gnutls_kx_get: Core functions. (line 2833)
6027 * gnutls_kx_get_id: Core functions. (line 2809)
6028 * gnutls_kx_get_name: Core functions. (line 2821)
6029 * gnutls_kx_list: Core functions. (line 2845)
6030 * gnutls_kx_set_priority: Core functions. (line 2855)
6031 * gnutls_mac_get: Core functions. (line 2910)
6032 * gnutls_mac_get_id: Core functions. (line 2873)
6033 * gnutls_mac_get_key_size: Core functions. (line 2886)
6034 * gnutls_mac_get_name: Core functions. (line 2898)
6035 * gnutls_mac_list: Core functions. (line 2922)
6036 * gnutls_mac_set_priority: Core functions. (line 2935)
6037 * gnutls_malloc: Core functions. (line 2953)
6038 * gnutls_openpgp_crt_check_hostname: OpenPGP functions. (line 180)
6039 * gnutls_openpgp_crt_deinit: OpenPGP functions. (line 195)
6040 * gnutls_openpgp_crt_export: OpenPGP functions. (line 203)
6041 * gnutls_openpgp_crt_get_auth_subkey: OpenPGP functions. (line 224)
6042 * gnutls_openpgp_crt_get_creation_time: OpenPGP functions. (line 246)
6043 * gnutls_openpgp_crt_get_expiration_time: OpenPGP functions. (line 257)
6044 * gnutls_openpgp_crt_get_fingerprint: OpenPGP functions. (line 269)
6045 * gnutls_openpgp_crt_get_key_id: OpenPGP functions. (line 286)
6046 * gnutls_openpgp_crt_get_key_usage: OpenPGP functions. (line 301)
6047 * gnutls_openpgp_crt_get_name: OpenPGP functions. (line 316)
6048 * gnutls_openpgp_crt_get_pk_algorithm: OpenPGP functions. (line 337)
6049 * gnutls_openpgp_crt_get_pk_dsa_raw: OpenPGP functions. (line 357)
6050 * gnutls_openpgp_crt_get_pk_rsa_raw: OpenPGP functions. (line 381)
6051 * gnutls_openpgp_crt_get_preferred_key_id: OpenPGP functions.
6053 * gnutls_openpgp_crt_get_revoked_status: OpenPGP functions. (line 415)
6054 * gnutls_openpgp_crt_get_subkey_count: OpenPGP functions. (line 429)
6055 * gnutls_openpgp_crt_get_subkey_creation_time: OpenPGP functions.
6057 * gnutls_openpgp_crt_get_subkey_expiration_time: OpenPGP functions.
6059 * gnutls_openpgp_crt_get_subkey_fingerprint: OpenPGP functions.
6061 * gnutls_openpgp_crt_get_subkey_id: OpenPGP functions. (line 511)
6062 * gnutls_openpgp_crt_get_subkey_idx: OpenPGP functions. (line 496)
6063 * gnutls_openpgp_crt_get_subkey_pk_algorithm: OpenPGP functions.
6065 * gnutls_openpgp_crt_get_subkey_pk_dsa_raw: OpenPGP functions.
6067 * gnutls_openpgp_crt_get_subkey_pk_rsa_raw: OpenPGP functions.
6069 * gnutls_openpgp_crt_get_subkey_revoked_status: OpenPGP functions.
6071 * gnutls_openpgp_crt_get_subkey_usage: OpenPGP functions. (line 616)
6072 * gnutls_openpgp_crt_get_version: OpenPGP functions. (line 638)
6073 * gnutls_openpgp_crt_import: OpenPGP functions. (line 650)
6074 * gnutls_openpgp_crt_init: OpenPGP functions. (line 667)
6075 * gnutls_openpgp_crt_print: OpenPGP functions. (line 677)
6076 * gnutls_openpgp_crt_set_preferred_key_id: OpenPGP functions.
6078 * gnutls_openpgp_crt_verify_ring: OpenPGP functions. (line 713)
6079 * gnutls_openpgp_crt_verify_self: OpenPGP functions. (line 736)
6080 * gnutls_openpgp_keyring_check_id: OpenPGP functions. (line 753)
6081 * gnutls_openpgp_keyring_deinit: OpenPGP functions. (line 770)
6082 * gnutls_openpgp_keyring_get_crt: OpenPGP functions. (line 791)
6083 * gnutls_openpgp_keyring_get_crt_count: OpenPGP functions. (line 779)
6084 * gnutls_openpgp_keyring_import: OpenPGP functions. (line 810)
6085 * gnutls_openpgp_keyring_init: OpenPGP functions. (line 828)
6086 * gnutls_openpgp_privkey_deinit: OpenPGP functions. (line 839)
6087 * gnutls_openpgp_privkey_export: OpenPGP functions. (line 964)
6088 * gnutls_openpgp_privkey_export_dsa_raw: OpenPGP functions. (line 848)
6089 * gnutls_openpgp_privkey_export_rsa_raw: OpenPGP functions. (line 875)
6090 * gnutls_openpgp_privkey_export_subkey_dsa_raw: OpenPGP functions.
6092 * gnutls_openpgp_privkey_export_subkey_rsa_raw: OpenPGP functions.
6094 * gnutls_openpgp_privkey_get_fingerprint: OpenPGP functions. (line 993)
6095 * gnutls_openpgp_privkey_get_key_id: OpenPGP functions. (line 1012)
6096 * gnutls_openpgp_privkey_get_pk_algorithm: OpenPGP functions.
6098 * gnutls_openpgp_privkey_get_preferred_key_id: OpenPGP functions.
6100 * gnutls_openpgp_privkey_get_revoked_status: OpenPGP functions.
6102 * gnutls_openpgp_privkey_get_subkey_count: OpenPGP functions.
6104 * gnutls_openpgp_privkey_get_subkey_creation_time: OpenPGP functions.
6106 * gnutls_openpgp_privkey_get_subkey_expiration_time: OpenPGP functions.
6108 * gnutls_openpgp_privkey_get_subkey_fingerprint: OpenPGP functions.
6110 * gnutls_openpgp_privkey_get_subkey_id: OpenPGP functions. (line 1161)
6111 * gnutls_openpgp_privkey_get_subkey_idx: OpenPGP functions. (line 1145)
6112 * gnutls_openpgp_privkey_get_subkey_pk_algorithm: OpenPGP functions.
6114 * gnutls_openpgp_privkey_get_subkey_revoked_status: OpenPGP functions.
6116 * gnutls_openpgp_privkey_import: OpenPGP functions. (line 1221)
6117 * gnutls_openpgp_privkey_init: OpenPGP functions. (line 1244)
6118 * gnutls_openpgp_privkey_sec_param: OpenPGP functions. (line 1255)
6119 * gnutls_openpgp_privkey_set_preferred_key_id: OpenPGP functions.
6121 * gnutls_openpgp_privkey_sign_hash: OpenPGP functions. (line 1283)
6122 * gnutls_openpgp_send_cert: Core functions. (line 2964)
6123 * gnutls_openpgp_set_recv_key_function: OpenPGP functions. (line 1304)
6124 * gnutls_pem_base64_decode: Core functions. (line 3001)
6125 * gnutls_pem_base64_decode_alloc: Core functions. (line 2979)
6126 * gnutls_pem_base64_encode: Core functions. (line 3046)
6127 * gnutls_pem_base64_encode_alloc: Core functions. (line 3025)
6128 * gnutls_perror: Core functions. (line 3069)
6129 * gnutls_pkcs11_add_provider: Core functions. (line 3146)
6130 * gnutls_pkcs11_copy_secret_key: Core functions. (line 3162)
6131 * gnutls_pkcs11_copy_x509_crt: Core functions. (line 3185)
6132 * gnutls_pkcs11_copy_x509_privkey: Core functions. (line 3205)
6133 * gnutls_pkcs11_deinit: Core functions. (line 3229)
6134 * gnutls_pkcs11_delete_url: Core functions. (line 3236)
6135 * gnutls_pkcs11_init: Core functions. (line 3250)
6136 * gnutls_pkcs11_obj_deinit: Core functions. (line 3277)
6137 * gnutls_pkcs11_obj_export: Core functions. (line 3301)
6138 * gnutls_pkcs11_obj_export_url: Core functions. (line 3285)
6139 * gnutls_pkcs11_obj_get_info: Core functions. (line 3327)
6140 * gnutls_pkcs11_obj_get_type: Core functions. (line 3350)
6141 * gnutls_pkcs11_obj_import_url: Core functions. (line 3360)
6142 * gnutls_pkcs11_obj_init: Core functions. (line 3380)
6143 * gnutls_pkcs11_obj_list_import_url: Core functions. (line 3391)
6144 * gnutls_pkcs11_privkey_deinit: Core functions. (line 3415)
6145 * gnutls_pkcs11_privkey_export_url: Core functions. (line 3424)
6146 * gnutls_pkcs11_privkey_get_info: Core functions. (line 3441)
6147 * gnutls_pkcs11_privkey_get_pk_algorithm: Core functions. (line 3463)
6148 * gnutls_pkcs11_privkey_import_url: Core functions. (line 3476)
6149 * gnutls_pkcs11_privkey_init: Core functions. (line 3496)
6150 * gnutls_pkcs11_reinit: Core functions. (line 3508)
6151 * gnutls_pkcs11_set_pin_function: Core functions. (line 3522)
6152 * gnutls_pkcs11_set_token_function: Core functions. (line 3554)
6153 * gnutls_pkcs11_token_get_flags: Core functions. (line 3569)
6154 * gnutls_pkcs11_token_get_info: Core functions. (line 3583)
6155 * gnutls_pkcs11_token_get_mechanism: Core functions. (line 3604)
6156 * gnutls_pkcs11_token_get_url: Core functions. (line 3621)
6157 * gnutls_pkcs11_token_init: Core functions. (line 3639)
6158 * gnutls_pkcs11_token_set_pin: Core functions. (line 3658)
6159 * gnutls_pkcs12_bag_decrypt: X.509 certificate functions.
6161 * gnutls_pkcs12_bag_deinit: X.509 certificate functions.
6163 * gnutls_pkcs12_bag_encrypt: X.509 certificate functions.
6165 * gnutls_pkcs12_bag_get_count: X.509 certificate functions.
6167 * gnutls_pkcs12_bag_get_data: X.509 certificate functions.
6169 * gnutls_pkcs12_bag_get_friendly_name: X.509 certificate functions.
6171 * gnutls_pkcs12_bag_get_key_id: X.509 certificate functions.
6173 * gnutls_pkcs12_bag_get_type: X.509 certificate functions.
6175 * gnutls_pkcs12_bag_init: X.509 certificate functions.
6177 * gnutls_pkcs12_bag_set_crl: X.509 certificate functions.
6179 * gnutls_pkcs12_bag_set_crt: X.509 certificate functions.
6181 * gnutls_pkcs12_bag_set_data: X.509 certificate functions.
6183 * gnutls_pkcs12_bag_set_friendly_name: X.509 certificate functions.
6185 * gnutls_pkcs12_bag_set_key_id: X.509 certificate functions.
6187 * gnutls_pkcs12_deinit: X.509 certificate functions.
6189 * gnutls_pkcs12_export: X.509 certificate functions.
6191 * gnutls_pkcs12_generate_mac: X.509 certificate functions.
6193 * gnutls_pkcs12_get_bag: X.509 certificate functions.
6195 * gnutls_pkcs12_import: X.509 certificate functions.
6197 * gnutls_pkcs12_init: X.509 certificate functions.
6199 * gnutls_pkcs12_set_bag: X.509 certificate functions.
6201 * gnutls_pkcs12_verify_mac: X.509 certificate functions.
6203 * gnutls_pkcs7_deinit: X.509 certificate functions.
6205 * gnutls_pkcs7_delete_crl: X.509 certificate functions.
6207 * gnutls_pkcs7_delete_crt: X.509 certificate functions.
6209 * gnutls_pkcs7_export: X.509 certificate functions.
6211 * gnutls_pkcs7_get_crl_count: X.509 certificate functions.
6213 * gnutls_pkcs7_get_crl_raw: X.509 certificate functions.
6215 * gnutls_pkcs7_get_crt_count: X.509 certificate functions.
6217 * gnutls_pkcs7_get_crt_raw: X.509 certificate functions.
6219 * gnutls_pkcs7_import: X.509 certificate functions.
6221 * gnutls_pkcs7_init: X.509 certificate functions.
6223 * gnutls_pkcs7_set_crl: X.509 certificate functions.
6225 * gnutls_pkcs7_set_crl_raw: X.509 certificate functions.
6227 * gnutls_pkcs7_set_crt: X.509 certificate functions.
6229 * gnutls_pkcs7_set_crt_raw: X.509 certificate functions.
6231 * gnutls_pk_algorithm_get_name: Core functions. (line 3078)
6232 * gnutls_pk_bits_to_sec_param: Core functions. (line 3090)
6233 * gnutls_pk_get_id: Core functions. (line 3105)
6234 * gnutls_pk_get_name: Core functions. (line 3120)
6235 * gnutls_pk_list: Core functions. (line 3134)
6236 * gnutls_prf: Core functions. (line 3717)
6237 * gnutls_prf_raw: Core functions. (line 3678)
6238 * gnutls_priority_deinit: Core functions. (line 3759)
6239 * gnutls_priority_init: Core functions. (line 3768)
6240 * gnutls_priority_set: Core functions. (line 3853)
6241 * gnutls_priority_set_direct: Core functions. (line 3833)
6242 * gnutls_privkey_decrypt_data: Core functions. (line 3867)
6243 * gnutls_privkey_deinit: Core functions. (line 3888)
6244 * gnutls_privkey_get_pk_algorithm: Core functions. (line 3896)
6245 * gnutls_privkey_get_type: Core functions. (line 3913)
6246 * gnutls_privkey_import_openpgp: Core functions. (line 3926)
6247 * gnutls_privkey_import_pkcs11: Core functions. (line 3947)
6248 * gnutls_privkey_import_x509: Core functions. (line 3967)
6249 * gnutls_privkey_init: Core functions. (line 3987)
6250 * gnutls_privkey_sign_data: Core functions. (line 3998)
6251 * gnutls_privkey_sign_hash: Core functions. (line 4025)
6252 * gnutls_protocol_get_id: Core functions. (line 4055)
6253 * gnutls_protocol_get_name: Core functions. (line 4067)
6254 * gnutls_protocol_get_version: Core functions. (line 4079)
6255 * gnutls_protocol_list: Core functions. (line 4090)
6256 * gnutls_protocol_set_priority: Core functions. (line 4100)
6257 * gnutls_psk_allocate_client_credentials: Core functions. (line 4115)
6258 * gnutls_psk_allocate_server_credentials: Core functions. (line 4127)
6259 * gnutls_psk_client_get_hint: Core functions. (line 4139)
6260 * gnutls_psk_free_client_credentials: Core functions. (line 4155)
6261 * gnutls_psk_free_server_credentials: Core functions. (line 4165)
6262 * gnutls_psk_netconf_derive_key: Core functions. (line 4175)
6263 * gnutls_psk_server_get_username: Core functions. (line 4201)
6264 * gnutls_psk_set_client_credentials: Core functions. (line 4237)
6265 * gnutls_psk_set_client_credentials_function: Core functions.
6267 * gnutls_psk_set_params_function: Core functions. (line 4258)
6268 * gnutls_psk_set_server_credentials_file: Core functions. (line 4272)
6269 * gnutls_psk_set_server_credentials_function: Core functions.
6271 * gnutls_psk_set_server_credentials_hint: Core functions. (line 4313)
6272 * gnutls_psk_set_server_dh_params: Core functions. (line 4331)
6273 * gnutls_psk_set_server_params_function: Core functions. (line 4345)
6274 * gnutls_pubkey_deinit: Core functions. (line 4359)
6275 * gnutls_pubkey_export: Core functions. (line 4367)
6276 * gnutls_pubkey_get_key_id: Core functions. (line 4394)
6277 * gnutls_pubkey_get_key_usage: Core functions. (line 4421)
6278 * gnutls_pubkey_get_pk_algorithm: Core functions. (line 4436)
6279 * gnutls_pubkey_get_pk_dsa_raw: Core functions. (line 4453)
6280 * gnutls_pubkey_get_pk_rsa_raw: Core functions. (line 4475)
6281 * gnutls_pubkey_get_preferred_hash_algorithm: Core functions.
6283 * gnutls_pubkey_get_verify_algorithm: Core functions. (line 4516)
6284 * gnutls_pubkey_import: Core functions. (line 4666)
6285 * gnutls_pubkey_import_dsa_raw: Core functions. (line 4535)
6286 * gnutls_pubkey_import_openpgp: Core functions. (line 4558)
6287 * gnutls_pubkey_import_pkcs11: Core functions. (line 4593)
6288 * gnutls_pubkey_import_pkcs11_url: Core functions. (line 4576)
6289 * gnutls_pubkey_import_privkey: Core functions. (line 4610)
6290 * gnutls_pubkey_import_rsa_raw: Core functions. (line 4631)
6291 * gnutls_pubkey_import_x509: Core functions. (line 4649)
6292 * gnutls_pubkey_init: Core functions. (line 4685)
6293 * gnutls_pubkey_set_key_usage: Core functions. (line 4696)
6294 * gnutls_pubkey_verify_data: Core functions. (line 4712)
6295 * gnutls_pubkey_verify_hash: Core functions. (line 4735)
6296 * gnutls_record_check_pending: Core functions. (line 4756)
6297 * gnutls_record_disable_padding: Core functions. (line 4768)
6298 * gnutls_record_get_direction: Core functions. (line 4783)
6299 * gnutls_record_get_max_size: Core functions. (line 4803)
6300 * gnutls_record_recv: Core functions. (line 4815)
6301 * gnutls_record_send: Core functions. (line 4850)
6302 * gnutls_record_set_max_size: Core functions. (line 4883)
6303 * gnutls_rehandshake: Core functions. (line 4907)
6304 * gnutls_rnd: Core functions. (line 4937)
6305 * gnutls_rsa_export_get_modulus_bits: Core functions. (line 4953)
6306 * gnutls_rsa_export_get_pubkey: Core functions. (line 4965)
6307 * gnutls_rsa_params_cpy: Core functions. (line 4983)
6308 * gnutls_rsa_params_deinit: Core functions. (line 4998)
6309 * gnutls_rsa_params_export_pkcs1: Core functions. (line 5007)
6310 * gnutls_rsa_params_export_raw: Core functions. (line 5034)
6311 * gnutls_rsa_params_generate2: Core functions. (line 5064)
6312 * gnutls_rsa_params_import_pkcs1: Core functions. (line 5085)
6313 * gnutls_rsa_params_import_raw: Core functions. (line 5107)
6314 * gnutls_rsa_params_init: Core functions. (line 5135)
6315 * gnutls_safe_renegotiation_status: Core functions. (line 5148)
6316 * gnutls_sec_param_get_name: Core functions. (line 5163)
6317 * gnutls_sec_param_to_pk_bits: Core functions. (line 5175)
6318 * gnutls_server_name_get: Core functions. (line 5192)
6319 * gnutls_server_name_set: Core functions. (line 5229)
6320 * gnutls_session_channel_binding: Core functions. (line 5256)
6321 * gnutls_session_enable_compatibility_mode: Core functions. (line 5277)
6322 * gnutls_session_get_data: Core functions. (line 5313)
6323 * gnutls_session_get_data2: Core functions. (line 5291)
6324 * gnutls_session_get_id: Core functions. (line 5337)
6325 * gnutls_session_get_ptr: Core functions. (line 5361)
6326 * gnutls_session_is_resumed: Core functions. (line 5373)
6327 * gnutls_session_set_data: Core functions. (line 5384)
6328 * gnutls_session_set_ptr: Core functions. (line 5407)
6329 * gnutls_session_ticket_enable_client: Core functions. (line 5420)
6330 * gnutls_session_ticket_enable_server: Core functions. (line 5435)
6331 * gnutls_session_ticket_key_generate: Core functions. (line 5453)
6332 * gnutls_set_default_export_priority: Core functions. (line 5469)
6333 * gnutls_set_default_priority: Core functions. (line 5491)
6334 * gnutls_sign_algorithm_get_name: Core functions. (line 5511)
6335 * gnutls_sign_algorithm_get_requested: Core functions. (line 5523)
6336 * gnutls_sign_callback_get: Core functions. (line 5550)
6337 * gnutls_sign_callback_set: Core functions. (line 5566)
6338 * gnutls_sign_get_id: Core functions. (line 5590)
6339 * gnutls_sign_get_name: Core functions. (line 5602)
6340 * gnutls_sign_list: Core functions. (line 5616)
6341 * gnutls_srp_allocate_client_credentials: Core functions. (line 5626)
6342 * gnutls_srp_allocate_server_credentials: Core functions. (line 5639)
6343 * gnutls_srp_base64_decode: Core functions. (line 5672)
6344 * gnutls_srp_base64_decode_alloc: Core functions. (line 5652)
6345 * gnutls_srp_base64_encode: Core functions. (line 5715)
6346 * gnutls_srp_base64_encode_alloc: Core functions. (line 5694)
6347 * gnutls_srp_free_client_credentials: Core functions. (line 5737)
6348 * gnutls_srp_free_server_credentials: Core functions. (line 5747)
6349 * gnutls_srp_server_get_username: Core functions. (line 5757)
6350 * gnutls_srp_set_client_credentials: Core functions. (line 5800)
6351 * gnutls_srp_set_client_credentials_function: Core functions.
6353 * gnutls_srp_set_prime_bits: Core functions. (line 5821)
6354 * gnutls_srp_set_server_credentials_file: Core functions. (line 5842)
6355 * gnutls_srp_set_server_credentials_function: Core functions.
6357 * gnutls_srp_verifier: Core functions. (line 5896)
6358 * gnutls_strerror: Core functions. (line 5942)
6359 * gnutls_strerror_name: Core functions. (line 5927)
6360 * gnutls_supplemental_get_name: Core functions. (line 5956)
6361 * gnutls_transport_get_ptr: Core functions. (line 5985)
6362 * gnutls_transport_get_ptr2: Core functions. (line 5969)
6363 * gnutls_transport_set_errno: Core functions. (line 6014)
6364 * gnutls_transport_set_errno_function: Core functions. (line 5998)
6365 * gnutls_transport_set_global_errno: Core functions. (line 6038)
6366 * gnutls_transport_set_lowat: Core functions. (line 6060)
6367 * gnutls_transport_set_ptr: Core functions. (line 6092)
6368 * gnutls_transport_set_ptr2: Core functions. (line 6075)
6369 * gnutls_transport_set_pull_function: Core functions. (line 6105)
6370 * gnutls_transport_set_push_function: Core functions. (line 6121)
6371 * gnutls_transport_set_vec_push_function: Core functions. (line 6139)
6372 * gnutls_x509_crl_check_issuer: X.509 certificate functions.
6374 * gnutls_x509_crl_deinit: X.509 certificate functions.
6376 * gnutls_x509_crl_export: X.509 certificate functions.
6378 * gnutls_x509_crl_get_authority_key_id: X.509 certificate functions.
6380 * gnutls_x509_crl_get_crt_count: X.509 certificate functions.
6382 * gnutls_x509_crl_get_crt_serial: X.509 certificate functions.
6384 * gnutls_x509_crl_get_dn_oid: X.509 certificate functions.
6386 * gnutls_x509_crl_get_extension_data: X.509 certificate functions.
6388 * gnutls_x509_crl_get_extension_info: X.509 certificate functions.
6390 * gnutls_x509_crl_get_extension_oid: X.509 certificate functions.
6392 * gnutls_x509_crl_get_issuer_dn: X.509 certificate functions.
6394 * gnutls_x509_crl_get_issuer_dn_by_oid: X.509 certificate functions.
6396 * gnutls_x509_crl_get_next_update: X.509 certificate functions.
6398 * gnutls_x509_crl_get_number: X.509 certificate functions.
6400 * gnutls_x509_crl_get_raw_issuer_dn: X.509 certificate functions.
6402 * gnutls_x509_crl_get_signature: X.509 certificate functions.
6404 * gnutls_x509_crl_get_signature_algorithm: X.509 certificate functions.
6406 * gnutls_x509_crl_get_this_update: X.509 certificate functions.
6408 * gnutls_x509_crl_get_version: X.509 certificate functions.
6410 * gnutls_x509_crl_import: X.509 certificate functions.
6412 * gnutls_x509_crl_init: X.509 certificate functions.
6414 * gnutls_x509_crl_print: X.509 certificate functions.
6416 * gnutls_x509_crl_privkey_sign: X.509 certificate functions.
6418 * gnutls_x509_crl_set_authority_key_id: X.509 certificate functions.
6420 * gnutls_x509_crl_set_crt: X.509 certificate functions.
6422 * gnutls_x509_crl_set_crt_serial: X.509 certificate functions.
6424 * gnutls_x509_crl_set_next_update: X.509 certificate functions.
6426 * gnutls_x509_crl_set_number: X.509 certificate functions.
6428 * gnutls_x509_crl_set_this_update: X.509 certificate functions.
6430 * gnutls_x509_crl_set_version: X.509 certificate functions.
6432 * gnutls_x509_crl_sign: X.509 certificate functions.
6434 * gnutls_x509_crl_sign2: X.509 certificate functions.
6436 * gnutls_x509_crl_verify: X.509 certificate functions.
6438 * gnutls_x509_crq_deinit: X.509 certificate functions.
6440 * gnutls_x509_crq_export: X.509 certificate functions.
6442 * gnutls_x509_crq_get_attribute_by_oid: X.509 certificate functions.
6444 * gnutls_x509_crq_get_attribute_data: X.509 certificate functions.
6446 * gnutls_x509_crq_get_attribute_info: X.509 certificate functions.
6448 * gnutls_x509_crq_get_basic_constraints: X.509 certificate functions.
6450 * gnutls_x509_crq_get_challenge_password: X.509 certificate functions.
6452 * gnutls_x509_crq_get_dn: X.509 certificate functions.
6454 * gnutls_x509_crq_get_dn_by_oid: X.509 certificate functions.
6456 * gnutls_x509_crq_get_dn_oid: X.509 certificate functions.
6458 * gnutls_x509_crq_get_extension_by_oid: X.509 certificate functions.
6460 * gnutls_x509_crq_get_extension_data: X.509 certificate functions.
6462 * gnutls_x509_crq_get_extension_info: X.509 certificate functions.
6464 * gnutls_x509_crq_get_key_id: X.509 certificate functions.
6466 * gnutls_x509_crq_get_key_purpose_oid: X.509 certificate functions.
6468 * gnutls_x509_crq_get_key_rsa_raw: X.509 certificate functions.
6470 * gnutls_x509_crq_get_key_usage: X.509 certificate functions.
6472 * gnutls_x509_crq_get_pk_algorithm: X.509 certificate functions.
6474 * gnutls_x509_crq_get_subject_alt_name: X.509 certificate functions.
6476 * gnutls_x509_crq_get_subject_alt_othername_oid: X.509 certificate functions.
6478 * gnutls_x509_crq_get_version: X.509 certificate functions.
6480 * gnutls_x509_crq_import: X.509 certificate functions.
6482 * gnutls_x509_crq_init: X.509 certificate functions.
6484 * gnutls_x509_crq_print: X.509 certificate functions.
6486 * gnutls_x509_crq_privkey_sign: X.509 certificate functions.
6488 * gnutls_x509_crq_set_attribute_by_oid: X.509 certificate functions.
6490 * gnutls_x509_crq_set_basic_constraints: X.509 certificate functions.
6492 * gnutls_x509_crq_set_challenge_password: X.509 certificate functions.
6494 * gnutls_x509_crq_set_dn_by_oid: X.509 certificate functions.
6496 * gnutls_x509_crq_set_key: X.509 certificate functions.
6498 * gnutls_x509_crq_set_key_purpose_oid: X.509 certificate functions.
6500 * gnutls_x509_crq_set_key_rsa_raw: X.509 certificate functions.
6502 * gnutls_x509_crq_set_key_usage: X.509 certificate functions.
6504 * gnutls_x509_crq_set_pubkey: Core functions. (line 6157)
6505 * gnutls_x509_crq_set_subject_alt_name: X.509 certificate functions.
6507 * gnutls_x509_crq_set_version: X.509 certificate functions.
6509 * gnutls_x509_crq_sign: X.509 certificate functions.
6511 * gnutls_x509_crq_sign2: X.509 certificate functions.
6513 * gnutls_x509_crq_verify: X.509 certificate functions.
6515 * gnutls_x509_crt_check_hostname: X.509 certificate functions.
6517 * gnutls_x509_crt_check_issuer: X.509 certificate functions.
6519 * gnutls_x509_crt_check_revocation: X.509 certificate functions.
6521 * gnutls_x509_crt_cpy_crl_dist_points: X.509 certificate functions.
6523 * gnutls_x509_crt_deinit: X.509 certificate functions.
6525 * gnutls_x509_crt_export: X.509 certificate functions.
6527 * gnutls_x509_crt_get_activation_time: X.509 certificate functions.
6529 * gnutls_x509_crt_get_authority_key_id: X.509 certificate functions.
6531 * gnutls_x509_crt_get_basic_constraints: X.509 certificate functions.
6533 * gnutls_x509_crt_get_ca_status: X.509 certificate functions.
6535 * gnutls_x509_crt_get_crl_dist_points: X.509 certificate functions.
6537 * gnutls_x509_crt_get_dn: X.509 certificate functions.
6539 * gnutls_x509_crt_get_dn_by_oid: X.509 certificate functions.
6541 * gnutls_x509_crt_get_dn_oid: X.509 certificate functions.
6543 * gnutls_x509_crt_get_expiration_time: X.509 certificate functions.
6545 * gnutls_x509_crt_get_extension_by_oid: X.509 certificate functions.
6547 * gnutls_x509_crt_get_extension_data: X.509 certificate functions.
6549 * gnutls_x509_crt_get_extension_info: X.509 certificate functions.
6551 * gnutls_x509_crt_get_extension_oid: X.509 certificate functions.
6553 * gnutls_x509_crt_get_fingerprint: X.509 certificate functions.
6555 * gnutls_x509_crt_get_issuer: X.509 certificate functions.
6557 * gnutls_x509_crt_get_issuer_alt_name: X.509 certificate functions.
6559 * gnutls_x509_crt_get_issuer_alt_name2: X.509 certificate functions.
6561 * gnutls_x509_crt_get_issuer_alt_othername_oid: X.509 certificate functions.
6563 * gnutls_x509_crt_get_issuer_dn: X.509 certificate functions.
6565 * gnutls_x509_crt_get_issuer_dn_by_oid: X.509 certificate functions.
6567 * gnutls_x509_crt_get_issuer_dn_oid: X.509 certificate functions.
6569 * gnutls_x509_crt_get_issuer_unique_id: X.509 certificate functions.
6571 * gnutls_x509_crt_get_key_id: X.509 certificate functions.
6573 * gnutls_x509_crt_get_key_purpose_oid: X.509 certificate functions.
6575 * gnutls_x509_crt_get_key_usage: X.509 certificate functions.
6577 * gnutls_x509_crt_get_pk_algorithm: X.509 certificate functions.
6579 * gnutls_x509_crt_get_pk_dsa_raw: X.509 certificate functions.
6581 * gnutls_x509_crt_get_pk_rsa_raw: X.509 certificate functions.
6583 * gnutls_x509_crt_get_preferred_hash_algorithm: X.509 certificate functions.
6585 * gnutls_x509_crt_get_proxy: X.509 certificate functions.
6587 * gnutls_x509_crt_get_raw_dn: X.509 certificate functions.
6589 * gnutls_x509_crt_get_raw_issuer_dn: X.509 certificate functions.
6591 * gnutls_x509_crt_get_serial: X.509 certificate functions.
6593 * gnutls_x509_crt_get_signature: X.509 certificate functions.
6595 * gnutls_x509_crt_get_signature_algorithm: X.509 certificate functions.
6597 * gnutls_x509_crt_get_subject: X.509 certificate functions.
6599 * gnutls_x509_crt_get_subject_alt_name: X.509 certificate functions.
6601 * gnutls_x509_crt_get_subject_alt_name2: X.509 certificate functions.
6603 * gnutls_x509_crt_get_subject_alt_othername_oid: X.509 certificate functions.
6605 * gnutls_x509_crt_get_subject_key_id: X.509 certificate functions.
6607 * gnutls_x509_crt_get_subject_unique_id: X.509 certificate functions.
6609 * gnutls_x509_crt_get_verify_algorithm: X.509 certificate functions.
6611 * gnutls_x509_crt_get_version: X.509 certificate functions.
6613 * gnutls_x509_crt_import: X.509 certificate functions.
6615 * gnutls_x509_crt_import_pkcs11: Core functions. (line 6190)
6616 * gnutls_x509_crt_import_pkcs11_url: Core functions. (line 6172)
6617 * gnutls_x509_crt_init: X.509 certificate functions.
6619 * gnutls_x509_crt_list_import: X.509 certificate functions.
6621 * gnutls_x509_crt_list_import_pkcs11: Core functions. (line 6205)
6622 * gnutls_x509_crt_list_verify: X.509 certificate functions.
6624 * gnutls_x509_crt_print: X.509 certificate functions.
6626 * gnutls_x509_crt_privkey_sign: X.509 certificate functions.
6628 * gnutls_x509_crt_set_activation_time: X.509 certificate functions.
6630 * gnutls_x509_crt_set_authority_key_id: X.509 certificate functions.
6632 * gnutls_x509_crt_set_basic_constraints: X.509 certificate functions.
6634 * gnutls_x509_crt_set_ca_status: X.509 certificate functions.
6636 * gnutls_x509_crt_set_crl_dist_points: X.509 certificate functions.
6638 * gnutls_x509_crt_set_crl_dist_points2: X.509 certificate functions.
6640 * gnutls_x509_crt_set_crq: X.509 certificate functions.
6642 * gnutls_x509_crt_set_crq_extensions: X.509 certificate functions.
6644 * gnutls_x509_crt_set_dn_by_oid: X.509 certificate functions.
6646 * gnutls_x509_crt_set_expiration_time: X.509 certificate functions.
6648 * gnutls_x509_crt_set_extension_by_oid: X.509 certificate functions.
6650 * gnutls_x509_crt_set_issuer_dn_by_oid: X.509 certificate functions.
6652 * gnutls_x509_crt_set_key: X.509 certificate functions.
6654 * gnutls_x509_crt_set_key_purpose_oid: X.509 certificate functions.
6656 * gnutls_x509_crt_set_key_usage: X.509 certificate functions.
6658 * gnutls_x509_crt_set_proxy: X.509 certificate functions.
6660 * gnutls_x509_crt_set_proxy_dn: X.509 certificate functions.
6662 * gnutls_x509_crt_set_pubkey: Core functions. (line 6225)
6663 * gnutls_x509_crt_set_serial: X.509 certificate functions.
6665 * gnutls_x509_crt_set_subject_alternative_name: X.509 certificate functions.
6667 * gnutls_x509_crt_set_subject_alt_name: X.509 certificate functions.
6669 * gnutls_x509_crt_set_subject_key_id: X.509 certificate functions.
6671 * gnutls_x509_crt_set_version: X.509 certificate functions.
6673 * gnutls_x509_crt_sign: X.509 certificate functions.
6675 * gnutls_x509_crt_sign2: X.509 certificate functions.
6677 * gnutls_x509_crt_verify: X.509 certificate functions.
6679 * gnutls_x509_crt_verify_data: X.509 certificate functions.
6681 * gnutls_x509_crt_verify_hash: X.509 certificate functions.
6683 * gnutls_x509_dn_deinit: X.509 certificate functions.
6685 * gnutls_x509_dn_export: X.509 certificate functions.
6687 * gnutls_x509_dn_get_rdn_ava: X.509 certificate functions.
6689 * gnutls_x509_dn_import: X.509 certificate functions.
6691 * gnutls_x509_dn_init: X.509 certificate functions.
6693 * gnutls_x509_dn_oid_known: X.509 certificate functions.
6695 * gnutls_x509_privkey_cpy: X.509 certificate functions.
6697 * gnutls_x509_privkey_deinit: X.509 certificate functions.
6699 * gnutls_x509_privkey_export: X.509 certificate functions.
6701 * gnutls_x509_privkey_export_dsa_raw: X.509 certificate functions.
6703 * gnutls_x509_privkey_export_pkcs8: X.509 certificate functions.
6705 * gnutls_x509_privkey_export_rsa_raw: X.509 certificate functions.
6707 * gnutls_x509_privkey_export_rsa_raw2: X.509 certificate functions.
6709 * gnutls_x509_privkey_fix: X.509 certificate functions.
6711 * gnutls_x509_privkey_generate: X.509 certificate functions.
6713 * gnutls_x509_privkey_get_key_id: X.509 certificate functions.
6715 * gnutls_x509_privkey_get_pk_algorithm: X.509 certificate functions.
6717 * gnutls_x509_privkey_import: X.509 certificate functions.
6719 * gnutls_x509_privkey_import_dsa_raw: X.509 certificate functions.
6721 * gnutls_x509_privkey_import_pkcs8: X.509 certificate functions.
6723 * gnutls_x509_privkey_import_rsa_raw: X.509 certificate functions.
6725 * gnutls_x509_privkey_import_rsa_raw2: X.509 certificate functions.
6727 * gnutls_x509_privkey_init: X.509 certificate functions.
6729 * gnutls_x509_privkey_sec_param: X.509 certificate functions.
6731 * gnutls_x509_privkey_sign_data: X.509 certificate functions.
6733 * gnutls_x509_privkey_sign_hash: X.509 certificate functions.
6735 * gnutls_x509_privkey_verify_data: X.509 certificate functions.
6737 * gnutls_x509_rdn_get: X.509 certificate functions.
6739 * gnutls_x509_rdn_get_by_oid: X.509 certificate functions.
6741 * gnutls_x509_rdn_get_oid: X.509 certificate functions.
6743 * handshake: Core Interface. (line 320)
6744 * handshake-description->string: Core Interface. (line 411)
6745 * import-openpgp-certificate: Extra Interface. (line 58)
6746 * import-openpgp-keyring: Extra Interface. (line 18)
6747 * import-openpgp-private-key: Extra Interface. (line 53)
6748 * import-x509-certificate: Core Interface. (line 84)
6749 * import-x509-private-key: Core Interface. (line 80)
6750 * key-usage->string: Core Interface. (line 376)
6751 * kx->string: Core Interface. (line 439)
6752 * mac->string: Core Interface. (line 430)
6753 * make-anonymous-client-credentials: Core Interface. (line 189)
6754 * make-anonymous-server-credentials: Core Interface. (line 192)
6755 * make-certificate-credentials: Core Interface. (line 168)
6756 * make-dh-parameters: Core Interface. (line 208)
6757 * make-psk-client-credentials: Core Interface. (line 96)
6758 * make-psk-server-credentials: Core Interface. (line 102)
6759 * make-rsa-parameters: Representation of Binary Data.
6761 * make-rsa-parameters <1>: Core Interface. (line 182)
6762 * make-session: Core Interface. (line 326)
6763 * openpgp-certificate-algorithm: Extra Interface. (line 29)
6764 * openpgp-certificate-fingerprint: Extra Interface. (line 39)
6765 * openpgp-certificate-fingerprint!: Extra Interface. (line 42)
6766 * openpgp-certificate-format->string: Extra Interface. (line 62)
6767 * openpgp-certificate-id: Extra Interface. (line 50)
6768 * openpgp-certificate-id!: Extra Interface. (line 46)
6769 * openpgp-certificate-name: Extra Interface. (line 36)
6770 * openpgp-certificate-names: Extra Interface. (line 33)
6771 * openpgp-certificate-usage: Extra Interface. (line 22)
6772 * openpgp-certificate-version: Extra Interface. (line 25)
6773 * openpgp-certificate?: Extra Interface. (line 72)
6774 * openpgp-keyring-contains-key-id?: Extra Interface. (line 15)
6775 * openpgp-keyring?: Extra Interface. (line 66)
6776 * openpgp-private-key?: Extra Interface. (line 69)
6777 * params->string: Core Interface. (line 436)
6778 * peer-certificate-status: Core Interface. (line 105)
6779 * pk-algorithm->string: Core Interface. (line 385)
6780 * pkcs1-export-rsa-parameters: Representation of Binary Data.
6782 * pkcs1-export-rsa-parameters <1>: Core Interface. (line 172)
6783 * pkcs1-import-rsa-parameters: Core Interface. (line 177)
6784 * pkcs3-export-dh-parameters: Core Interface. (line 198)
6785 * pkcs3-import-dh-parameters: Core Interface. (line 203)
6786 * pkcs8-import-x509-private-key: Core Interface. (line 73)
6787 * protocol->string: Core Interface. (line 399)
6788 * psk-client-credentials?: Core Interface. (line 340)
6789 * psk-key-format->string: Core Interface. (line 379)
6790 * psk-server-credentials?: Core Interface. (line 343)
6791 * record-receive!: Input and Output. (line 47)
6792 * record-receive! <1>: Core Interface. (line 222)
6793 * record-send: Input and Output. (line 47)
6794 * record-send <1>: Core Interface. (line 226)
6795 * rehandshake: Core Interface. (line 317)
6796 * rsa-parameters?: Core Interface. (line 355)
6797 * server-session-psk-username: Core Interface. (line 88)
6798 * session-authentication-type: Core Interface. (line 289)
6799 * session-certificate-type: Core Interface. (line 296)
6800 * session-cipher: Enumerates and Constants.
6802 * session-cipher <1>: Core Interface. (line 308)
6803 * session-client-authentication-type: Core Interface. (line 281)
6804 * session-compression-method: Core Interface. (line 299)
6805 * session-kx: Core Interface. (line 305)
6806 * session-mac: Core Interface. (line 302)
6807 * session-our-certificate-chain: Core Interface. (line 269)
6808 * session-peer-certificate-chain: Core Interface. (line 274)
6809 * session-protocol: Core Interface. (line 293)
6810 * session-record-port: Input and Output. (line 28)
6811 * session-record-port <1>: Core Interface. (line 217)
6812 * session-server-authentication-type: Core Interface. (line 285)
6813 * session?: Core Interface. (line 367)
6814 * set-anonymous-server-dh-parameters!: Core Interface. (line 185)
6815 * set-certificate-credentials-dh-parameters!: Core Interface.
6817 * set-certificate-credentials-openpgp-keys!: Extra Interface.
6819 * set-certificate-credentials-rsa-export-parameters!: Core Interface.
6821 * set-certificate-credentials-verify-flags!: Core Interface. (line 110)
6822 * set-certificate-credentials-verify-limits!: Core Interface.
6824 * set-certificate-credentials-x509-crl-data!: Core Interface.
6826 * set-certificate-credentials-x509-crl-file!: Core Interface.
6828 * set-certificate-credentials-x509-key-data!: Core Interface.
6830 * set-certificate-credentials-x509-key-files!: Core Interface.
6832 * set-certificate-credentials-x509-keys!: Core Interface. (line 122)
6833 * set-certificate-credentials-x509-trust-data!: Core Interface.
6835 * set-certificate-credentials-x509-trust-file!: Core Interface.
6837 * set-log-level!: Core Interface. (line 11)
6838 * set-log-procedure!: Core Interface. (line 14)
6839 * set-psk-client-credentials!: Core Interface. (line 91)
6840 * set-psk-server-credentials-file!: Core Interface. (line 99)
6841 * set-server-session-certificate-request!: Core Interface. (line 263)
6842 * set-session-certificate-type-priority!: Core Interface. (line 241)
6843 * set-session-cipher-priority!: Core Interface. (line 260)
6844 * set-session-compression-method-priority!: Core Interface. (line 252)
6845 * set-session-credentials!: Core Interface. (line 229)
6846 * set-session-default-export-priority!: Core Interface. (line 235)
6847 * set-session-default-priority!: Core Interface. (line 238)
6848 * set-session-dh-prime-bits!: Core Interface. (line 195)
6849 * set-session-kx-priority!: Core Interface. (line 249)
6850 * set-session-mac-priority!: Core Interface. (line 257)
6851 * set-session-protocol-priority!: Core Interface. (line 246)
6852 * set-session-transport-fd!: Input and Output. (line 6)
6853 * set-session-transport-fd! <1>: Core Interface. (line 214)
6854 * set-session-transport-port!: Input and Output. (line 6)
6855 * set-session-transport-port! <1>: Core Interface. (line 211)
6856 * sign-algorithm->string: Core Interface. (line 382)
6857 * srp-client-credentials?: Core Interface. (line 346)
6858 * srp-server-credentials?: Core Interface. (line 349)
6859 * x509-certificate-authority-key-id: Core Interface. (line 28)
6860 * x509-certificate-dn: Core Interface. (line 68)
6861 * x509-certificate-dn-oid: Core Interface. (line 61)
6862 * x509-certificate-format->string: Core Interface. (line 392)
6863 * x509-certificate-issuer-dn: Core Interface. (line 65)
6864 * x509-certificate-issuer-dn-oid: Core Interface. (line 57)
6865 * x509-certificate-key-id: Core Interface. (line 32)
6866 * x509-certificate-key-usage: Core Interface. (line 40)
6867 * x509-certificate-matches-hostname?: Core Interface. (line 52)
6868 * x509-certificate-public-key-algorithm: Core Interface. (line 44)
6869 * x509-certificate-signature-algorithm: Core Interface. (line 48)
6870 * x509-certificate-subject-alternative-name: Core Interface. (line 18)
6871 * x509-certificate-subject-key-id: Core Interface. (line 25)
6872 * x509-certificate-version: Core Interface. (line 37)
6873 * x509-certificate?: Core Interface. (line 337)
6874 * x509-private-key?: Core Interface. (line 334)
6875 * x509-subject-alternative-name->string: Core Interface. (line 388)