This is gnutls.info, produced by makeinfo version 4.13.90 from gnutls.texi. This manual is last updated 10 May 2012 for version 3.0.21 of GnuTLS. Copyright (C) 2001-2012 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". INFO-DIR-SECTION Software libraries START-INFO-DIR-ENTRY * GnuTLS: (gnutls). GNU Transport Layer Security Library. END-INFO-DIR-ENTRY INFO-DIR-SECTION System Administration START-INFO-DIR-ENTRY * certtool: (gnutls)Invoking certtool. Manipulate certificates and keys. * gnutls-serv: (gnutls)Invoking gnutls-serv. GnuTLS test server. * gnutls-cli: (gnutls)Invoking gnutls-cli. GnuTLS test client. * gnutls-cli-debug: (gnutls)Invoking gnutls-cli-debug. GnuTLS debug client. * psktool: (gnutls)Invoking psktool. Simple TLS-Pre-Shared-Keys manager. * srptool: (gnutls)Invoking srptool. Simple SRP password tool. END-INFO-DIR-ENTRY  File: gnutls.info, Node: Cryptographic API, Next: Compatibility API, Prev: Abstract key API, Up: API reference E.9 Cryptographic API ===================== The following functions are to be used for low-level cryptographic operations. Their prototypes lie in 'gnutls/crypto.h'. gnutls_cipher_add_auth ---------------------- -- Function: int gnutls_cipher_add_auth (gnutls_cipher_hd_t HANDLE, const void * TEXT, size_t TEXT_SIZE) HANDLE: is a 'gnutls_cipher_hd_t' structure. TEXT: the data to be authenticated TEXT_SIZE: The length of the data This function operates on authenticated encryption with associated data (AEAD) ciphers and authenticate the input data. This function can only be called once and before any encryption operations. *Returns:* Zero or a negative error code on error. *Since:* 3.0 gnutls_cipher_decrypt --------------------- -- Function: int gnutls_cipher_decrypt (gnutls_cipher_hd_t HANDLE, void * CIPHERTEXT, size_t CIPHERTEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. CIPHERTEXT: the data to encrypt CIPHERTEXTLEN: The length of data to encrypt This function will decrypt the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_decrypt2 ---------------------- -- Function: int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t HANDLE, const void * CIPHERTEXT, size_t CIPHERTEXTLEN, void * TEXT, size_t TEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. CIPHERTEXT: the data to encrypt CIPHERTEXTLEN: The length of data to encrypt TEXT: the decrypted data TEXTLEN: The available length for decrypted data This function will decrypt the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.12.0 gnutls_cipher_deinit -------------------- -- Function: void gnutls_cipher_deinit (gnutls_cipher_hd_t HANDLE) HANDLE: is a 'gnutls_cipher_hd_t' structure. This function will deinitialize all resources occupied by the given encryption context. *Since:* 2.10.0 gnutls_cipher_encrypt --------------------- -- Function: int gnutls_cipher_encrypt (gnutls_cipher_hd_t HANDLE, void * TEXT, size_t TEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. TEXT: the data to encrypt TEXTLEN: The length of data to encrypt This function will encrypt the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_encrypt2 ---------------------- -- Function: int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t HANDLE, const void * TEXT, size_t TEXTLEN, void * CIPHERTEXT, size_t CIPHERTEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. TEXT: the data to encrypt TEXTLEN: The length of data to encrypt CIPHERTEXT: the encrypted data CIPHERTEXTLEN: The available length for encrypted data This function will encrypt the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.12.0 gnutls_cipher_get_block_size ---------------------------- -- Function: int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t ALGORITHM) ALGORITHM: is an encryption algorithm Get block size for encryption algorithm. *Returns:* block size for encryption algorithm. *Since:* 2.10.0 gnutls_cipher_init ------------------ -- Function: int gnutls_cipher_init (gnutls_cipher_hd_t * HANDLE, gnutls_cipher_algorithm_t CIPHER, const gnutls_datum_t * KEY, const gnutls_datum_t * IV) HANDLE: is a 'gnutls_cipher_hd_t' structure. CIPHER: the encryption algorithm to use KEY: The key to be used for encryption IV: The IV to use (if not applicable set NULL) This function will initialize an context that can be used for encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_set_iv -------------------- -- Function: void gnutls_cipher_set_iv (gnutls_cipher_hd_t HANDLE, void * IV, size_t IVLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. IV: the IV to set IVLEN: The length of the IV This function will set the IV to be used for the next encryption block. *Since:* 3.0 gnutls_cipher_tag ----------------- -- Function: int gnutls_cipher_tag (gnutls_cipher_hd_t HANDLE, void * TAG, size_t TAG_SIZE) HANDLE: is a 'gnutls_cipher_hd_t' structure. TAG: will hold the tag TAG_SIZE: The length of the tag to return This function operates on authenticated encryption with associated data (AEAD) ciphers and will return the output tag. *Returns:* Zero or a negative error code on error. *Since:* 3.0 gnutls_hash ----------- -- Function: int gnutls_hash (gnutls_hash_hd_t HANDLE, const void * TEXT, size_t TEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. TEXT: the data to hash TEXTLEN: The length of data to hash This function will hash the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_deinit ------------------ -- Function: void gnutls_hash_deinit (gnutls_hash_hd_t HANDLE, void * DIGEST) HANDLE: is a 'gnutls_hash_hd_t' structure. DIGEST: is the output value of the hash This function will deinitialize all resources occupied by the given hash context. *Since:* 2.10.0 gnutls_hash_fast ---------------- -- Function: int gnutls_hash_fast (gnutls_digest_algorithm_t ALGORITHM, const void * TEXT, size_t TEXTLEN, void * DIGEST) ALGORITHM: the hash algorithm to use TEXT: the data to hash TEXTLEN: The length of data to hash DIGEST: is the output value of the hash This convenience function will hash the given data and return output on a single call. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_get_len ------------------- -- Function: int gnutls_hash_get_len (gnutls_digest_algorithm_t ALGORITHM) ALGORITHM: the hash algorithm to use This function will return the length of the output data of the given hash algorithm. *Returns:* The length or zero on error. *Since:* 2.10.0 gnutls_hash_init ---------------- -- Function: int gnutls_hash_init (gnutls_hash_hd_t * DIG, gnutls_digest_algorithm_t ALGORITHM) DIG: is a 'gnutls_hash_hd_t' structure. ALGORITHM: the hash algorithm to use This function will initialize an context that can be used to produce a Message Digest of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_output ------------------ -- Function: void gnutls_hash_output (gnutls_hash_hd_t HANDLE, void * DIGEST) HANDLE: is a 'gnutls_hash_hd_t' structure. DIGEST: is the output value of the hash This function will output the current hash value. *Since:* 2.10.0 gnutls_hmac ----------- -- Function: int gnutls_hmac (gnutls_hmac_hd_t HANDLE, const void * TEXT, size_t TEXTLEN) HANDLE: is a 'gnutls_cipher_hd_t' structure. TEXT: the data to hash TEXTLEN: The length of data to hash This function will hash the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_deinit ------------------ -- Function: void gnutls_hmac_deinit (gnutls_hmac_hd_t HANDLE, void * DIGEST) HANDLE: is a 'gnutls_hmac_hd_t' structure. DIGEST: is the output value of the MAC This function will deinitialize all resources occupied by the given hmac context. *Since:* 2.10.0 gnutls_hmac_fast ---------------- -- Function: int gnutls_hmac_fast (gnutls_mac_algorithm_t ALGORITHM, const void * KEY, size_t KEYLEN, const void * TEXT, size_t TEXTLEN, void * DIGEST) ALGORITHM: the hash algorithm to use KEY: the key to use KEYLEN: The length of the key TEXT: the data to hash TEXTLEN: The length of data to hash DIGEST: is the output value of the hash This convenience function will hash the given data and return output on a single call. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_get_len ------------------- -- Function: int gnutls_hmac_get_len (gnutls_mac_algorithm_t ALGORITHM) ALGORITHM: the hmac algorithm to use This function will return the length of the output data of the given hmac algorithm. *Returns:* The length or zero on error. *Since:* 2.10.0 gnutls_hmac_init ---------------- -- Function: int gnutls_hmac_init (gnutls_hmac_hd_t * DIG, gnutls_mac_algorithm_t ALGORITHM, const void * KEY, size_t KEYLEN) DIG: is a 'gnutls_hmac_hd_t' structure. ALGORITHM: the HMAC algorithm to use KEY: The key to be used for encryption KEYLEN: The length of the key This function will initialize an context that can be used to produce a Message Authentication Code (MAC) of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_output ------------------ -- Function: void gnutls_hmac_output (gnutls_hmac_hd_t HANDLE, void * DIGEST) HANDLE: is a 'gnutls_hmac_hd_t' structure. DIGEST: is the output value of the MAC This function will output the current MAC value. *Since:* 2.10.0 gnutls_rnd ---------- -- Function: int gnutls_rnd (gnutls_rnd_level_t LEVEL, void * DATA, size_t LEN) LEVEL: a security level DATA: place to store random bytes LEN: The requested size This function will generate random data and store it to output buffer. *Returns:* Zero or a negative error code on error. *Since:* 2.12.0  File: gnutls.info, Node: Compatibility API, Prev: Cryptographic API, Up: API reference E.10 Compatibility API ====================== The following functions are carried over from old GnuTLS released. They might be removed at a later version. Their prototypes lie in 'gnutls/compat.h'. gnutls_certificate_set_rsa_export_params ---------------------------------------- -- Function: void gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t RES, gnutls_rsa_params_t RSA_PARAMS) RES: is a gnutls_certificate_credentials_t structure RSA_PARAMS: is a structure that holds temporary RSA parameters. This function will set the temporary RSA parameters for a certificate server to use. These parameters will be used in RSA-EXPORT cipher suites. gnutls_certificate_type_set_priority ------------------------------------ -- Function: int gnutls_certificate_type_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_certificate_type_t elements. Sets the priority on the certificate types supported by gnutls. Priority is higher for elements specified before others. After specifying the types you want, you must append a 0. Note that the certificate type priority is set on the client. The server does not use the cert type priority except for disabling types that were not specified. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_cipher_set_priority -------------------------- -- Function: int gnutls_cipher_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_cipher_algorithm_t elements. Sets the priority on the ciphers supported by gnutls. Priority is higher for elements specified before others. After specifying the ciphers you want, you must append a 0. Note that the priority is set on the client. The server does not use the algorithm's priority except for disabling algorithms that were not specified. *Returns:* 'GNUTLS_E_SUCCESS' (0) on success, or a negative error code. gnutls_compression_set_priority ------------------------------- -- Function: int gnutls_compression_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_compression_method_t elements. Sets the priority on the compression algorithms supported by gnutls. Priority is higher for elements specified before others. After specifying the algorithms you want, you must append a 0. Note that the priority is set on the client. The server does not use the algorithm's priority except for disabling algorithms that were not specified. TLS 1.0 does not define any compression algorithms except NULL. Other compression algorithms are to be considered as gnutls extensions. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_kx_set_priority ---------------------- -- Function: int gnutls_kx_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_kx_algorithm_t elements. Sets the priority on the key exchange algorithms supported by gnutls. Priority is higher for elements specified before others. After specifying the algorithms you want, you must append a 0. Note that the priority is set on the client. The server does not use the algorithm's priority except for disabling algorithms that were not specified. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_mac_set_priority ----------------------- -- Function: int gnutls_mac_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_mac_algorithm_t elements. Sets the priority on the mac algorithms supported by gnutls. Priority is higher for elements specified before others. After specifying the algorithms you want, you must append a 0. Note that the priority is set on the client. The server does not use the algorithm's priority except for disabling algorithms that were not specified. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_openpgp_privkey_sign_hash -------------------------------- -- Function: int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * HASH, gnutls_datum_t * SIGNATURE) KEY: Holds the key HASH: holds the data to be signed SIGNATURE: will contain newly allocated signature This function will sign the given hash using the private key. You should use 'gnutls_openpgp_privkey_set_preferred_key_id()' before calling this function to set the subkey to use. *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise a negative error value. *Deprecated:* Use 'gnutls_privkey_sign_hash()' instead. gnutls_protocol_set_priority ---------------------------- -- Function: int gnutls_protocol_set_priority (gnutls_session_t SESSION, const int * LIST) SESSION: is a 'gnutls_session_t' structure. LIST: is a 0 terminated list of gnutls_protocol_t elements. Sets the priority on the protocol versions supported by gnutls. This function actually enables or disables protocols. Newer protocol versions always have highest priority. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_rsa_export_get_modulus_bits ---------------------------------- -- Function: int gnutls_rsa_export_get_modulus_bits (gnutls_session_t SESSION) SESSION: is a gnutls session Get the export RSA parameter's modulus size. *Returns:* The bits used in the last RSA-EXPORT key exchange with the peer, or a negative error code in case of error. gnutls_rsa_export_get_pubkey ---------------------------- -- Function: int gnutls_rsa_export_get_pubkey (gnutls_session_t SESSION, gnutls_datum_t * EXPONENT, gnutls_datum_t * MODULUS) SESSION: is a gnutls session EXPONENT: will hold the exponent. MODULUS: will hold the modulus. This function will return the peer's public key exponent and modulus used in the last RSA-EXPORT authentication. The output parameters must be freed with 'gnutls_free()' . *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise an error code is returned. gnutls_rsa_params_cpy --------------------- -- Function: int gnutls_rsa_params_cpy (gnutls_rsa_params_t DST, gnutls_rsa_params_t SRC) DST: Is the destination structure, which should be initialized. SRC: Is the source structure This function will copy the RSA parameters structure from source to destination. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_deinit ------------------------ -- Function: void gnutls_rsa_params_deinit (gnutls_rsa_params_t RSA_PARAMS) RSA_PARAMS: Is a structure that holds the parameters This function will deinitialize the RSA parameters structure. gnutls_rsa_params_export_pkcs1 ------------------------------ -- Function: int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t PARAMS, gnutls_x509_crt_fmt_t FORMAT, unsigned char * PARAMS_DATA, size_t * PARAMS_DATA_SIZE) PARAMS: Holds the RSA parameters FORMAT: the format of output params. One of PEM or DER. PARAMS_DATA: will contain a PKCS1 RSAPublicKey structure PEM or DER encoded PARAMS_DATA_SIZE: holds the size of params_data (and will be replaced by the actual size of parameters) This function will export the given RSA parameters to a PKCS1 RSAPublicKey structure. If the buffer provided is not long enough to hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. If the structure is PEM encoded, it will have a header of "BEGIN RSA PRIVATE KEY". *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_export_raw ---------------------------- -- Function: int gnutls_rsa_params_export_raw (gnutls_rsa_params_t RSA, gnutls_datum_t * M, gnutls_datum_t * E, gnutls_datum_t * D, gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * U, unsigned int * BITS) RSA: a structure that holds the rsa parameters M: will hold the modulus E: will hold the public exponent D: will hold the private exponent P: will hold the first prime (p) Q: will hold the second prime (q) U: will hold the coefficient BITS: if non null will hold the prime's number of bits This function will export the RSA parameters found in the given structure. The new parameters will be allocated using 'gnutls_malloc()' and will be stored in the appropriate datum. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_generate2 --------------------------- -- Function: int gnutls_rsa_params_generate2 (gnutls_rsa_params_t PARAMS, unsigned int BITS) PARAMS: The structure where the parameters will be stored BITS: is the prime's number of bits This function will generate new temporary RSA parameters for use in RSA-EXPORT ciphersuites. This function is normally slow. Note that if the parameters are to be used in export cipher suites the bits value should be 512 or less. Also note that the generation of new RSA parameters is only useful to servers. Clients use the parameters sent by the server, thus it's no use calling this in client side. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_import_pkcs1 ------------------------------ -- Function: int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t PARAMS, const gnutls_datum_t * PKCS1_PARAMS, gnutls_x509_crt_fmt_t FORMAT) PARAMS: A structure where the parameters will be copied to PKCS1_PARAMS: should contain a PKCS1 RSAPublicKey structure PEM or DER encoded FORMAT: the format of params. PEM or DER. This function will extract the RSAPublicKey found in a PKCS1 formatted structure. If the structure is PEM encoded, it should have a header of "BEGIN RSA PRIVATE KEY". *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_import_raw ---------------------------- -- Function: int gnutls_rsa_params_import_raw (gnutls_rsa_params_t RSA_PARAMS, const gnutls_datum_t * M, const gnutls_datum_t * E, const gnutls_datum_t * D, const gnutls_datum_t * P, const gnutls_datum_t * Q, const gnutls_datum_t * U) RSA_PARAMS: Is a structure will hold the parameters M: holds the modulus E: holds the public exponent D: holds the private exponent P: holds the first prime (p) Q: holds the second prime (q) U: holds the coefficient This function will replace the parameters in the given structure. The new parameters should be stored in the appropriate gnutls_datum. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_rsa_params_init ---------------------- -- Function: int gnutls_rsa_params_init (gnutls_rsa_params_t * RSA_PARAMS) RSA_PARAMS: Is a structure that will hold the parameters This function will initialize the temporary RSA parameters structure. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an negative error code. gnutls_set_default_export_priority ---------------------------------- -- Function: int gnutls_set_default_export_priority (gnutls_session_t SESSION) SESSION: is a 'gnutls_session_t' structure. Sets some default priority on the ciphers, key exchange methods, macs and compression methods. This function also includes weak algorithms. This is the same as calling: gnutls_priority_set_direct (session, "EXPORT", NULL); This function is kept around for backwards compatibility, but because of its wide use it is still fully supported. If you wish to allow users to provide a string that specify which ciphers to use (which is recommended), you should use 'gnutls_priority_set_direct()' or 'gnutls_priority_set()' instead. *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code. gnutls_sign_callback_get ------------------------ -- Function: gnutls_sign_func gnutls_sign_callback_get (gnutls_session_t SESSION, void ** USERDATA) SESSION: is a gnutls session USERDATA: if non-'NULL' , will be set to abstract callback pointer. Retrieve the callback function, and its userdata pointer. *Returns:* The function pointer set by 'gnutls_sign_callback_set()' , or if not set, 'NULL' . *Deprecated:* Use the PKCS 11 interfaces instead. gnutls_sign_callback_set ------------------------ -- Function: void gnutls_sign_callback_set (gnutls_session_t SESSION, gnutls_sign_func SIGN_FUNC, void * USERDATA) SESSION: is a gnutls session SIGN_FUNC: function pointer to application's sign callback. USERDATA: void pointer that will be passed to sign callback. Set the callback function. The function must have this prototype: typedef int (*gnutls_sign_func) (gnutls_session_t session, void *userdata, gnutls_certificate_type_t cert_type, const gnutls_datum_t * cert, const gnutls_datum_t * hash, gnutls_datum_t * signature); The 'userdata' parameter is passed to the 'sign_func' verbatim, and can be used to store application-specific data needed in the callback function. See also 'gnutls_sign_callback_get()' . *Deprecated:* Use the PKCS 11 or 'gnutls_privkey_t' interfacess like 'gnutls_privkey_import_ext()' instead. gnutls_x509_crl_sign -------------------- -- Function: int gnutls_x509_crl_sign (gnutls_x509_crl_t CRL, gnutls_x509_crt_t ISSUER, gnutls_x509_privkey_t ISSUER_KEY) CRL: should contain a gnutls_x509_crl_t structure ISSUER: is the certificate of the certificate issuer ISSUER_KEY: holds the issuer's private key This function is the same a 'gnutls_x509_crl_sign2()' with no flags, and SHA1 as the hash algorithm. *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise a negative error value. *Deprecated:* Use 'gnutls_x509_crl_privkey_sign()' . gnutls_x509_crq_sign -------------------- -- Function: int gnutls_x509_crq_sign (gnutls_x509_crq_t CRQ, gnutls_x509_privkey_t KEY) CRQ: should contain a 'gnutls_x509_crq_t' structure KEY: holds a private key This function is the same a 'gnutls_x509_crq_sign2()' with no flags, and SHA1 as the hash algorithm. *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise a negative error value. *Deprecated:* Use 'gnutls_x509_crq_privkey_sign()' instead. gnutls_x509_crt_get_preferred_hash_algorithm -------------------------------------------- -- Function: int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t CRT, gnutls_digest_algorithm_t * HASH, unsigned int * MAND) CRT: Holds the certificate HASH: The result of the call with the hash algorithm used for signature MAND: If non (0) it means that the algorithm MUST use this hash. May be NULL. This function will read the certifcate and return the appropriate digest algorithm to use for signing with this certificate. Some certificates (i.e. DSA might not be able to sign without the preferred algorithm). *Deprecated:* Please use 'gnutls_pubkey_get_preferred_hash_algorithm()' . *Returns:* the 0 if the hash algorithm is found. A negative error code is returned on error. *Since:* 2.12.0 gnutls_x509_crt_get_verify_algorithm ------------------------------------ -- Function: int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t CRT, const gnutls_datum_t * SIGNATURE, gnutls_digest_algorithm_t * HASH) CRT: Holds the certificate SIGNATURE: contains the signature HASH: The result of the call with the hash algorithm used for signature This function will read the certifcate and the signed data to determine the hash algorithm used to generate the signature. *Deprecated:* Use 'gnutls_pubkey_get_verify_algorithm()' instead. *Returns:* the 0 if the hash algorithm is found. A negative error code is returned on error. *Since:* 2.8.0 gnutls_x509_crt_verify_data --------------------------- -- Function: int gnutls_x509_crt_verify_data (gnutls_x509_crt_t CRT, unsigned int FLAGS, const gnutls_datum_t * DATA, const gnutls_datum_t * SIGNATURE) CRT: Holds the certificate FLAGS: should be 0 for now DATA: holds the data to be signed SIGNATURE: contains the signature This function will verify the given signed data, using the parameters from the certificate. Deprecated. Please use 'gnutls_pubkey_verify_data()' . *Returns:* In case of a verification failure 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive code on success. gnutls_x509_crt_verify_hash --------------------------- -- Function: int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t CRT, unsigned int FLAGS, const gnutls_datum_t * HASH, const gnutls_datum_t * SIGNATURE) CRT: Holds the certificate FLAGS: should be 0 for now HASH: holds the hash digest to be verified SIGNATURE: contains the signature This function will verify the given signed digest, using the parameters from the certificate. Deprecated. Please use 'gnutls_pubkey_verify_data2()' or 'gnutls_pubkey_verify_hash2()' . *Returns:* In case of a verification failure 'GNUTLS_E_PK_SIG_VERIFY_FAILED' is returned, and zero or positive code on success. gnutls_x509_privkey_sign_data ----------------------------- -- Function: int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t KEY, gnutls_digest_algorithm_t DIGEST, unsigned int FLAGS, const gnutls_datum_t * DATA, void * SIGNATURE, size_t * SIGNATURE_SIZE) KEY: Holds the key DIGEST: should be MD5 or SHA1 FLAGS: should be 0 for now DATA: holds the data to be signed SIGNATURE: will contain the signature SIGNATURE_SIZE: holds the size of signature (and will be replaced by the new size) This function will sign the given data using a signature algorithm supported by the private key. Signature algorithms are always used together with a hash functions. Different hash functions may be used for the RSA algorithm, but only SHA-1 for the DSA keys. If the buffer provided is not long enough to hold the output, then * 'signature_size' is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER' will be returned. Use 'gnutls_x509_crt_get_preferred_hash_algorithm()' to determine the hash algorithm. *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise a negative error value. *Deprecated:* Use 'gnutls_privkey_sign_data()' . gnutls_x509_privkey_sign_hash ----------------------------- -- Function: int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t KEY, const gnutls_datum_t * HASH, gnutls_datum_t * SIGNATURE) KEY: Holds the key HASH: holds the data to be signed SIGNATURE: will contain newly allocated signature This function will sign the given hash using the private key. Do not use this function directly unless you know what it is. Typical signing requires the data to be hashed and stored in special formats (e.g. BER Digest-Info for RSA). *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned, otherwise a negative error value. Deprecated in: 2.12.0  File: gnutls.info, Node: Copying Information, Next: Bibliography, Prev: API reference, Up: Top Appendix F Copying Information ****************************** GNU Free Documentation License ============================== Version 1.3, 3 November 2008 Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. 'http://fsf.org/' Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 0. PREAMBLE The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. 1. APPLICABILITY AND DEFINITIONS This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law. A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none. The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words. A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque". Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only. The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. The "publisher" means any person or entity that distributes copies of the Document to the public. A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition. The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License. 2. VERBATIM COPYING You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. You may also lend copies, under the same conditions stated above, and you may publicly display copies. 3. COPYING IN QUANTITY If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. 4. MODIFICATIONS You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement. C. State on the Title page the name of the publisher of the Modified Version, as the publisher. D. Preserve all the copyright notices of the Document. E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. H. Include an unaltered copy of this License. I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version. N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section. O. Preserve any Warranty Disclaimers. If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. 5. COMBINING DOCUMENTS You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers. The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements." 6. COLLECTIONS OF DOCUMENTS You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. 7. AGGREGATION WITH INDEPENDENT WORKS A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document. If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate. 8. TRANSLATION Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail. If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title. 9. TERMINATION You may not copy, modify, sublicense, or distribute the Document except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, or distribute it is void, and will automatically terminate your rights under this License. However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, receipt of a copy of some or all of the same material does not give you any rights to use it. 10. FUTURE REVISIONS OF THIS LICENSE The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See 'http://www.gnu.org/copyleft/'. Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. If the Document specifies that a proxy can decide which future versions of this License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Document. 11. RELICENSING "Massive Multiauthor Collaboration Site" (or "MMC Site") means any World Wide Web server that publishes copyrightable works and also provides prominent facilities for anybody to edit those works. A public wiki that anybody can edit is an example of such a server. A "Massive Multiauthor Collaboration" (or "MMC") contained in the site means any set of copyrightable works thus published on the MMC site. "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0 license published by Creative Commons Corporation, a not-for-profit corporation with a principal place of business in San Francisco, California, as well as future copyleft versions of that license published by that same organization. "Incorporate" means to publish or republish a Document, in whole or in part, as part of another Document. An MMC is "eligible for relicensing" if it is licensed under this License, and if all works that were first published under this License somewhere other than this MMC, and subsequently incorporated in whole or in part into the MMC, (1) had no cover texts or invariant sections, and (2) were thus incorporated prior to November 1, 2008. The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on the same site at any time before August 1, 2009, provided the MMC is eligible for relicensing. ADDENDUM: How to use this License for your documents ==================================================== To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page: Copyright (C) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''. If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this: with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation. If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.  File: gnutls.info, Node: Bibliography, Next: Function and Data Index, Prev: Copying Information, Up: Top Bibliography ************ [CBCATT] Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures", 2002, available from 'http://www.openssl.org/~bodo/tls-cbc.txt'. [GPGH] Mike Ashley, "The GNU Privacy Handbook", 2002, available from 'http://www.gnupg.org/gph/en/manual.pdf'. [GUTPKI] Peter Gutmann, "Everything you never wanted to know about PKI but were forced to find out", Available from 'http://www.cs.auckland.ac.nz/~pgut001/'. [KEYPIN] Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP", Available from 'http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01'. [NISTSP80057] NIST Special Publication 800-57, "Recommendation for Key Management - Part 1: General (Revised)", March 2007, available from 'http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf'. [RFC2246] Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0", January 1999, Available from 'http://www.ietf.org/rfc/rfc2246.txt'. [RFC4680] S. Santesson, "TLS Handshake Message for Supplemental Data", September 2006, Available from 'http://www.ietf.org/rfc/rfc4680.txt'. [RFC4514] Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names", June 2006, Available from 'http://www.ietf.org/rfc/rfc4513.txt'. [RFC4346] Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match 2006, Available from 'http://www.ietf.org/rfc/rfc4346.txt'. [RFC4347] Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April 2006, Available from 'http://www.ietf.org/rfc/rfc4347.txt'. [RFC5246] Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August 2008, Available from 'http://www.ietf.org/rfc/rfc5246.txt'. [RFC2440] Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP Message Format", November 1998, Available from 'http://www.ietf.org/rfc/rfc2440.txt'. [RFC4880] Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney Thayer, "OpenPGP Message Format", November 2007, Available from 'http://www.ietf.org/rfc/rfc4880.txt'. [RFC4211] J. Schaad, "Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)", September 2005, Available from 'http://www.ietf.org/rfc/rfc4211.txt'. [RFC2817] Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1", May 2000, Available from 'http://www.ietf.org/rfc/rfc2817.txt' [RFC2818] Eric Rescorla, "HTTP Over TLS", May 2000, Available from 'http://www.ietf/rfc/rfc2818.txt'. [RFC2945] Tom Wu, "The SRP Authentication and Key Exchange System", September 2000, Available from 'http://www.ietf.org/rfc/rfc2945.txt'. [RFC2986] Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request Syntax Specification", November 2000, Available from 'http://www.ietf.org/rfc/rfc2986.txt'. [PKIX] D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", May 2008, available from 'http://www.ietf.org/rfc/rfc5280.txt'. [RFC3749] Scott Hollenbeck, "Transport Layer Security Protocol Compression Methods", May 2004, available from 'http://www.ietf.org/rfc/rfc3749.txt'. [RFC3820] Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile", June 2004, available from 'http://www.ietf.org/rfc/rfc3820'. [RFC5746] E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer Security (TLS) Renegotiation Indication Extension", February 2010, available from 'http://www.ietf.org/rfc/rfc5746'. [TLSTKT] Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport Layer Security (TLS) Session Resumption without Server-Side State", January 2008, available from 'http://www.ietf.org/rfc/rfc5077'. [PKCS12] RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange Syntax", June 1999, Available from 'http://www.rsa.com'. [PKCS11] RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4", July 2009, Available from 'http://www.rsa.com'. [RESCORLA] Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems", 2001 [SELKEY] Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes", 2003, available from 'http://www.win.tue.nl/~klenstra/key.pdf'. [SSL3] Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0", August 2011, Available from 'http://www.ietf.org/rfc/rfc6101.txt'. [STEVENS] Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall PTR, January 1998 [TLSEXT] Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003, Available from 'http://www.ietf.org/rfc/rfc3546.txt'. [TLSPGP] Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication", January 2011. Available from 'http://www.ietf.org/rfc/rfc6091.txt'. [TLSSRP] David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos, "Using SRP for TLS Authentication", November 2007. Available from 'http://www.ietf.org/rfc/rfc5054.txt'. [TLSPSK] Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for TLS", December 2005, Available from 'http://www.ietf.org/rfc/rfc4279.txt'. [TOMSRP] Tom Wu, "The Stanford SRP Authentication Project", Available at 'http://srp.stanford.edu/'. [WEGER] Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509 Certificates", Cryptology ePrint Archive, Report 2005/067, Available at 'http://eprint.iacr.org/'. [ECRYPT] European Network of Excellence in Cryptology II, "ECRYPT II Yearly Report on Algorithms and Keysizes (2009-2010)", Available at 'http://www.ecrypt.eu.org/documents/D.SPA.13.pdf'. [RFC5056] N. Williams, "On the Use of Channel Bindings to Secure Channels", November 2007, available from 'http://www.ietf.org/rfc/rfc5056'. [RFC5929] J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010, available from 'http://www.ietf.org/rfc/rfc5929'. [PKCS11URI] J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", August 2011, Work in progress, available from 'http://tools.ietf.org/html/draft-pechanec-pkcs11uri-05'. [ANDERSON] R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", John Wiley \& Sons, Inc., 2001. [RFC4821] M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007, available from 'http://www.ietf.org/rfc/rfc4821.txt'. [RFC2560] M. Myers et al, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", June 1999, Available from 'http://www.ietf.org/rfc/rfc2560.txt'. [RIVESTCRL] R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?", Proceedings of Financial Cryptography '98; Springer Lecture Notes in Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998), pages 178-183, available from 'http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf'.  File: gnutls.info, Node: Function and Data Index, Next: Concept Index, Prev: Bibliography, Up: Top Function and Data Index *********************** [index] * Menu: * gnutls_alert_get: Handling alerts. (line 18) * gnutls_alert_get <1>: Core TLS API. (line 11) * gnutls_alert_get_name: Handling alerts. (line 31) * gnutls_alert_get_name <1>: Core TLS API. (line 27) * gnutls_alert_get_strname: Core TLS API. (line 40) * gnutls_alert_send: Handling alerts. (line 45) * gnutls_alert_send <1>: Core TLS API. (line 54) * gnutls_alert_send_appropriate: Core TLS API. (line 78) * gnutls_anon_allocate_client_credentials: Core TLS API. (line 101) * gnutls_anon_allocate_server_credentials: Core TLS API. (line 113) * gnutls_anon_free_client_credentials: Core TLS API. (line 125) * gnutls_anon_free_server_credentials: Core TLS API. (line 135) * gnutls_anon_set_params_function: Core TLS API. (line 145) * gnutls_anon_set_server_dh_params: Core TLS API. (line 159) * gnutls_anon_set_server_params_function: Core TLS API. (line 173) * gnutls_auth_client_get_type: Core TLS API. (line 187) * gnutls_auth_get_type: Core TLS API. (line 201) * gnutls_auth_server_get_type: Core TLS API. (line 219) * gnutls_bye: Data transfer and termination. (line 141) * gnutls_bye <1>: Core TLS API. (line 233) * gnutls_certificate_activation_time_peers: Core TLS API. (line 269) * gnutls_certificate_allocate_credentials: Core TLS API. (line 284) * gnutls_certificate_client_get_request_status: Core TLS API. (line 297) * gnutls_certificate_expiration_time_peers: Core TLS API. (line 310) * gnutls_certificate_free_cas: Core TLS API. (line 341) * gnutls_certificate_free_ca_names: Core TLS API. (line 324) * gnutls_certificate_free_credentials: Core TLS API. (line 353) * gnutls_certificate_free_crls: Core TLS API. (line 367) * gnutls_certificate_free_keys: Core TLS API. (line 377) * gnutls_certificate_get_issuer: Core TLS API. (line 389) * gnutls_certificate_get_ours: Core TLS API. (line 411) * gnutls_certificate_get_peers: Core TLS API. (line 426) * gnutls_certificate_send_x509_rdn_sequence: Certificate credentials. (line 95) * gnutls_certificate_send_x509_rdn_sequence <1>: Core TLS API. (line 448) * gnutls_certificate_server_set_request: Certificate credentials. (line 83) * gnutls_certificate_server_set_request <1>: Core TLS API. (line 466) * gnutls_certificate_set_dh_params: Core TLS API. (line 481) * gnutls_certificate_set_key: Abstract key API. (line 12) * gnutls_certificate_set_openpgp_key: OpenPGP API. (line 12) * gnutls_certificate_set_openpgp_keyring_file: OpenPGP certificates. (line 100) * gnutls_certificate_set_openpgp_keyring_file <1>: OpenPGP API. (line 140) * gnutls_certificate_set_openpgp_keyring_mem: OpenPGP API. (line 160) * gnutls_certificate_set_openpgp_key_file: OpenPGP API. (line 37) * gnutls_certificate_set_openpgp_key_file2: OpenPGP API. (line 58) * gnutls_certificate_set_openpgp_key_mem: OpenPGP API. (line 88) * gnutls_certificate_set_openpgp_key_mem2: OpenPGP API. (line 110) * gnutls_certificate_set_params_function: Parameter generation. (line 52) * gnutls_certificate_set_params_function <1>: Core TLS API. (line 498) * gnutls_certificate_set_retrieve_function: Core TLS API. (line 513) * gnutls_certificate_set_retrieve_function2: Abstract key API. (line 47) * gnutls_certificate_set_rsa_export_params: Compatibility API. (line 13) * gnutls_certificate_set_verify_flags: Core TLS API. (line 558) * gnutls_certificate_set_verify_function: Certificate credentials. (line 155) * gnutls_certificate_set_verify_function <1>: Core TLS API. (line 571) * gnutls_certificate_set_verify_limits: Core TLS API. (line 600) * gnutls_certificate_set_x509_crl: Core TLS API. (line 619) * gnutls_certificate_set_x509_crl_file: Core TLS API. (line 643) * gnutls_certificate_set_x509_crl_mem: Core TLS API. (line 665) * gnutls_certificate_set_x509_key: Core TLS API. (line 687) * gnutls_certificate_set_x509_key_file: Core TLS API. (line 714) * gnutls_certificate_set_x509_key_mem: Core TLS API. (line 744) * gnutls_certificate_set_x509_simple_pkcs12_file: Core TLS API. (line 778) * gnutls_certificate_set_x509_simple_pkcs12_mem: Core TLS API. (line 815) * gnutls_certificate_set_x509_system_trust: Using a PKCS11 token with TLS. (line 14) * gnutls_certificate_set_x509_system_trust <1>: Core TLS API. (line 855) * gnutls_certificate_set_x509_trust: Core TLS API. (line 873) * gnutls_certificate_set_x509_trust_file: Core TLS API. (line 900) * gnutls_certificate_set_x509_trust_mem: Core TLS API. (line 929) * gnutls_certificate_type_get: Core TLS API. (line 954) * gnutls_certificate_type_get_id: Core TLS API. (line 967) * gnutls_certificate_type_get_name: Core TLS API. (line 979) * gnutls_certificate_type_list: Core TLS API. (line 991) * gnutls_certificate_type_set_priority: Compatibility API. (line 27) * gnutls_certificate_verify_flags: Verifying a certificate in the context of TLS session. (line 6) * gnutls_certificate_verify_flags <1>: Verifying a certificate using trust on first use authentication. (line 6) * gnutls_certificate_verify_peers2: Certificate credentials. (line 132) * gnutls_certificate_verify_peers2 <1>: Core TLS API. (line 1004) * gnutls_check_version: Core TLS API. (line 1030) * gnutls_cipher_add_auth: Cryptographic API. (line 12) * gnutls_cipher_decrypt: Cryptographic API. (line 31) * gnutls_cipher_decrypt2: Cryptographic API. (line 49) * gnutls_cipher_deinit: Cryptographic API. (line 72) * gnutls_cipher_encrypt: Cryptographic API. (line 83) * gnutls_cipher_encrypt2: Cryptographic API. (line 101) * gnutls_cipher_get: Core TLS API. (line 1047) * gnutls_cipher_get_block_size: Cryptographic API. (line 124) * gnutls_cipher_get_id: Core TLS API. (line 1059) * gnutls_cipher_get_key_size: Core TLS API. (line 1071) * gnutls_cipher_get_name: Core TLS API. (line 1083) * gnutls_cipher_init: Cryptographic API. (line 137) * gnutls_cipher_list: Core TLS API. (line 1095) * gnutls_cipher_set_iv: Cryptographic API. (line 160) * gnutls_cipher_set_priority: Compatibility API. (line 45) * gnutls_cipher_suite_get_name: Core TLS API. (line 1111) * gnutls_cipher_suite_info: Core TLS API. (line 1129) * gnutls_cipher_tag: Cryptographic API. (line 176) * gnutls_compression_get: Core TLS API. (line 1159) * gnutls_compression_get_id: Core TLS API. (line 1171) * gnutls_compression_get_name: Core TLS API. (line 1183) * gnutls_compression_list: Core TLS API. (line 1195) * gnutls_compression_set_priority: Compatibility API. (line 63) * gnutls_credentials_clear: Core TLS API. (line 1206) * gnutls_credentials_set: Session initialization. (line 41) * gnutls_credentials_set <1>: Core TLS API. (line 1214) * gnutls_db_check_entry: Core TLS API. (line 1249) * gnutls_db_get_ptr: Core TLS API. (line 1265) * gnutls_db_remove_session: Core TLS API. (line 1276) * gnutls_db_set_cache_expiration: Core TLS API. (line 1290) * gnutls_db_set_ptr: Core TLS API. (line 1302) * gnutls_db_set_remove_function: Core TLS API. (line 1314) * gnutls_db_set_retrieve_function: Core TLS API. (line 1329) * gnutls_db_set_store_function: Core TLS API. (line 1349) * gnutls_deinit: Data transfer and termination. (line 174) * gnutls_deinit <1>: Core TLS API. (line 1364) * gnutls_dh_get_group: Core TLS API. (line 1374) * gnutls_dh_get_peers_public_bits: Core TLS API. (line 1394) * gnutls_dh_get_prime_bits: Core TLS API. (line 1408) * gnutls_dh_get_pubkey: Core TLS API. (line 1424) * gnutls_dh_get_secret_bits: Core TLS API. (line 1441) * gnutls_dh_params_cpy: Core TLS API. (line 1454) * gnutls_dh_params_deinit: Core TLS API. (line 1469) * gnutls_dh_params_export_pkcs3: Core TLS API. (line 1478) * gnutls_dh_params_export_raw: Core TLS API. (line 1505) * gnutls_dh_params_generate2: Core TLS API. (line 1527) * gnutls_dh_params_import_pkcs3: Core TLS API. (line 1550) * gnutls_dh_params_import_raw: Core TLS API. (line 1572) * gnutls_dh_params_init: Core TLS API. (line 1591) * gnutls_dh_set_prime_bits: Core TLS API. (line 1602) * gnutls_dtls_cookie_send: Datagram TLS API. (line 11) * gnutls_dtls_cookie_verify: Datagram TLS API. (line 41) * gnutls_dtls_get_data_mtu: Datagram TLS API. (line 68) * gnutls_dtls_get_mtu: Datagram TLS API. (line 83) * gnutls_dtls_get_timeout: Setting up the transport layer. (line 143) * gnutls_dtls_get_timeout <1>: Datagram TLS API. (line 98) * gnutls_dtls_prestate_set: Datagram TLS API. (line 115) * gnutls_dtls_set_data_mtu: Datagram TLS API. (line 129) * gnutls_dtls_set_mtu: Datagram TLS API. (line 152) * gnutls_dtls_set_timeouts: Datagram TLS API. (line 169) * gnutls_ecc_curve_get: Core TLS API. (line 1625) * gnutls_ecc_curve_get_name: Core TLS API. (line 1639) * gnutls_ecc_curve_get_size: Core TLS API. (line 1653) * gnutls_ecc_curve_list: Core TLS API. (line 1665) * gnutls_error_is_fatal: Data transfer and termination. (line 69) * gnutls_error_is_fatal <1>: Core TLS API. (line 1677) * gnutls_error_to_alert: Handling alerts. (line 66) * gnutls_error_to_alert <1>: Core TLS API. (line 1695) * gnutls_fingerprint: Core TLS API. (line 1714) * gnutls_global_deinit: Core TLS API. (line 1741) * gnutls_global_init: Core TLS API. (line 1752) * gnutls_global_set_audit_log_function: Debugging and auditing. (line 23) * gnutls_global_set_audit_log_function <1>: Core TLS API. (line 1782) * gnutls_global_set_log_function: Core TLS API. (line 1801) * gnutls_global_set_log_level: Core TLS API. (line 1816) * gnutls_global_set_mem_functions: Core TLS API. (line 1829) * gnutls_global_set_mutex: Thread safety. (line 37) * gnutls_global_set_mutex <1>: Core TLS API. (line 1861) * gnutls_global_set_time_function: Core TLS API. (line 1886) * gnutls_handshake: TLS handshake. (line 10) * gnutls_handshake <1>: Core TLS API. (line 1900) * gnutls_handshake_get_last_in: Core TLS API. (line 1931) * gnutls_handshake_get_last_out: Core TLS API. (line 1948) * gnutls_handshake_set_max_packet_length: Core TLS API. (line 1965) * gnutls_handshake_set_post_client_hello_function: Core TLS API. (line 1983) * gnutls_handshake_set_private_extensions: Core TLS API. (line 2009) * gnutls_hash: Cryptographic API. (line 194) * gnutls_hash_deinit: Cryptographic API. (line 212) * gnutls_hash_fast: Cryptographic API. (line 226) * gnutls_hash_get_len: Cryptographic API. (line 246) * gnutls_hash_init: Cryptographic API. (line 260) * gnutls_hash_output: Cryptographic API. (line 278) * gnutls_hex2bin: Core TLS API. (line 2028) * gnutls_hex_decode: Core TLS API. (line 2049) * gnutls_hex_encode: Core TLS API. (line 2068) * gnutls_hmac: Cryptographic API. (line 291) * gnutls_hmac_deinit: Cryptographic API. (line 309) * gnutls_hmac_fast: Cryptographic API. (line 323) * gnutls_hmac_get_len: Cryptographic API. (line 348) * gnutls_hmac_init: Cryptographic API. (line 361) * gnutls_hmac_output: Cryptographic API. (line 384) * gnutls_init: Session initialization. (line 14) * gnutls_init <1>: Core TLS API. (line 2085) * gnutls_key_generate: Core TLS API. (line 2107) * gnutls_kx_get: Core TLS API. (line 2124) * gnutls_kx_get_id: Core TLS API. (line 2136) * gnutls_kx_get_name: Core TLS API. (line 2148) * gnutls_kx_list: Core TLS API. (line 2160) * gnutls_kx_set_priority: Compatibility API. (line 86) * gnutls_mac_get: Core TLS API. (line 2172) * gnutls_mac_get_id: Core TLS API. (line 2184) * gnutls_mac_get_key_size: Core TLS API. (line 2197) * gnutls_mac_get_name: Core TLS API. (line 2209) * gnutls_mac_list: Core TLS API. (line 2221) * gnutls_mac_set_priority: Compatibility API. (line 104) * gnutls_ocsp_req_add_cert: OCSP API. (line 12) * gnutls_ocsp_req_add_cert_id: OCSP API. (line 36) * gnutls_ocsp_req_deinit: OCSP API. (line 69) * gnutls_ocsp_req_export: OCSP API. (line 77) * gnutls_ocsp_req_get_cert_id: OCSP API. (line 91) * gnutls_ocsp_req_get_extension: OCSP API. (line 131) * gnutls_ocsp_req_get_nonce: OCSP API. (line 165) * gnutls_ocsp_req_get_version: OCSP API. (line 184) * gnutls_ocsp_req_import: OCSP API. (line 196) * gnutls_ocsp_req_init: OCSP API. (line 212) * gnutls_ocsp_req_print: OCSP API. (line 223) * gnutls_ocsp_req_randomize_nonce: OCSP API. (line 246) * gnutls_ocsp_req_set_extension: OCSP API. (line 259) * gnutls_ocsp_req_set_nonce: OCSP API. (line 280) * gnutls_ocsp_resp_deinit: OCSP API. (line 298) * gnutls_ocsp_resp_export: OCSP API. (line 306) * gnutls_ocsp_resp_get_certs: OCSP API. (line 320) * gnutls_ocsp_resp_get_extension: OCSP API. (line 347) * gnutls_ocsp_resp_get_nonce: OCSP API. (line 381) * gnutls_ocsp_resp_get_produced: OCSP API. (line 401) * gnutls_ocsp_resp_get_responder: OCSP API. (line 413) * gnutls_ocsp_resp_get_response: OCSP API. (line 433) * gnutls_ocsp_resp_get_signature: OCSP API. (line 460) * gnutls_ocsp_resp_get_signature_algorithm: OCSP API. (line 474) * gnutls_ocsp_resp_get_single: OCSP API. (line 488) * gnutls_ocsp_resp_get_status: OCSP API. (line 556) * gnutls_ocsp_resp_get_version: OCSP API. (line 568) * gnutls_ocsp_resp_import: OCSP API. (line 580) * gnutls_ocsp_resp_init: OCSP API. (line 596) * gnutls_ocsp_resp_print: OCSP API. (line 607) * gnutls_ocsp_resp_verify: OCSP API. (line 630) * gnutls_ocsp_resp_verify_direct: OCSP API. (line 668) * gnutls_openpgp_crt_check_hostname: OpenPGP API. (line 182) * gnutls_openpgp_crt_deinit: OpenPGP API. (line 197) * gnutls_openpgp_crt_export: OpenPGP API. (line 205) * gnutls_openpgp_crt_get_auth_subkey: OpenPGP API. (line 226) * gnutls_openpgp_crt_get_creation_time: OpenPGP API. (line 248) * gnutls_openpgp_crt_get_expiration_time: OpenPGP API. (line 259) * gnutls_openpgp_crt_get_fingerprint: OpenPGP API. (line 271) * gnutls_openpgp_crt_get_key_id: OpenPGP API. (line 288) * gnutls_openpgp_crt_get_key_usage: OpenPGP API. (line 303) * gnutls_openpgp_crt_get_name: OpenPGP API. (line 318) * gnutls_openpgp_crt_get_pk_algorithm: OpenPGP API. (line 339) * gnutls_openpgp_crt_get_pk_dsa_raw: OpenPGP API. (line 359) * gnutls_openpgp_crt_get_pk_rsa_raw: OpenPGP API. (line 384) * gnutls_openpgp_crt_get_preferred_key_id: OpenPGP API. (line 405) * gnutls_openpgp_crt_get_revoked_status: OpenPGP API. (line 419) * gnutls_openpgp_crt_get_subkey_count: OpenPGP API. (line 433) * gnutls_openpgp_crt_get_subkey_creation_time: OpenPGP API. (line 448) * gnutls_openpgp_crt_get_subkey_expiration_time: OpenPGP API. (line 463) * gnutls_openpgp_crt_get_subkey_fingerprint: OpenPGP API. (line 479) * gnutls_openpgp_crt_get_subkey_id: OpenPGP API. (line 501) * gnutls_openpgp_crt_get_subkey_idx: OpenPGP API. (line 516) * gnutls_openpgp_crt_get_subkey_pk_algorithm: OpenPGP API. (line 531) * gnutls_openpgp_crt_get_subkey_pk_dsa_raw: OpenPGP API. (line 557) * gnutls_openpgp_crt_get_subkey_pk_rsa_raw: OpenPGP API. (line 584) * gnutls_openpgp_crt_get_subkey_revoked_status: OpenPGP API. (line 607) * gnutls_openpgp_crt_get_subkey_usage: OpenPGP API. (line 624) * gnutls_openpgp_crt_get_version: OpenPGP API. (line 646) * gnutls_openpgp_crt_import: OpenPGP API. (line 658) * gnutls_openpgp_crt_init: OpenPGP API. (line 675) * gnutls_openpgp_crt_print: OpenPGP API. (line 685) * gnutls_openpgp_crt_set_preferred_key_id: OpenPGP API. (line 706) * gnutls_openpgp_crt_verify_ring: OpenPGP certificates. (line 58) * gnutls_openpgp_crt_verify_ring <1>: OpenPGP API. (line 721) * gnutls_openpgp_crt_verify_self: OpenPGP certificates. (line 78) * gnutls_openpgp_crt_verify_self <1>: OpenPGP API. (line 744) * gnutls_openpgp_keyring_check_id: OpenPGP API. (line 761) * gnutls_openpgp_keyring_deinit: OpenPGP API. (line 778) * gnutls_openpgp_keyring_get_crt: OpenPGP API. (line 787) * gnutls_openpgp_keyring_get_crt_count: OpenPGP API. (line 806) * gnutls_openpgp_keyring_import: OpenPGP API. (line 819) * gnutls_openpgp_keyring_init: OpenPGP API. (line 837) * gnutls_openpgp_privkey_deinit: OpenPGP API. (line 848) * gnutls_openpgp_privkey_export: OpenPGP API. (line 857) * gnutls_openpgp_privkey_export_dsa_raw: OpenPGP API. (line 886) * gnutls_openpgp_privkey_export_rsa_raw: OpenPGP API. (line 914) * gnutls_openpgp_privkey_export_subkey_dsa_raw: OpenPGP API. (line 944) * gnutls_openpgp_privkey_export_subkey_rsa_raw: OpenPGP API. (line 974) * gnutls_openpgp_privkey_get_fingerprint: OpenPGP API. (line 1006) * gnutls_openpgp_privkey_get_key_id: OpenPGP API. (line 1025) * gnutls_openpgp_privkey_get_pk_algorithm: OpenPGP API. (line 1040) * gnutls_openpgp_privkey_get_preferred_key_id: OpenPGP API. (line 1063) * gnutls_openpgp_privkey_get_revoked_status: OpenPGP API. (line 1077) * gnutls_openpgp_privkey_get_subkey_count: OpenPGP API. (line 1091) * gnutls_openpgp_privkey_get_subkey_creation_time: OpenPGP API. (line 1106) * gnutls_openpgp_privkey_get_subkey_fingerprint: OpenPGP API. (line 1121) * gnutls_openpgp_privkey_get_subkey_id: OpenPGP API. (line 1143) * gnutls_openpgp_privkey_get_subkey_idx: OpenPGP API. (line 1161) * gnutls_openpgp_privkey_get_subkey_pk_algorithm: OpenPGP API. (line 1177) * gnutls_openpgp_privkey_get_subkey_revoked_status: OpenPGP API. (line 1203) * gnutls_openpgp_privkey_import: OpenPGP API. (line 1219) * gnutls_openpgp_privkey_init: OpenPGP API. (line 1242) * gnutls_openpgp_privkey_sec_param: OpenPGP API. (line 1253) * gnutls_openpgp_privkey_set_preferred_key_id: OpenPGP API. (line 1268) * gnutls_openpgp_privkey_sign_hash: Compatibility API. (line 122) * gnutls_openpgp_send_cert: Core TLS API. (line 2236) * gnutls_openpgp_set_recv_key_function: OpenPGP API. (line 1283) * gnutls_pcert_deinit: Abstract key API. (line 96) * gnutls_pcert_import_openpgp: Abstract key API. (line 106) * gnutls_pcert_import_openpgp_raw: Abstract key API. (line 126) * gnutls_pcert_import_x509: Abstract key API. (line 151) * gnutls_pcert_import_x509_raw: Abstract key API. (line 171) * gnutls_pcert_list_import_x509_raw: Abstract key API. (line 194) * gnutls_pem_base64_decode: Core TLS API. (line 2251) * gnutls_pem_base64_decode_alloc: Core TLS API. (line 2275) * gnutls_pem_base64_encode: Core TLS API. (line 2297) * gnutls_pem_base64_encode_alloc: Core TLS API. (line 2320) * gnutls_perror: Core TLS API. (line 2341) * gnutls_pkcs11_add_provider: PKCS 11 API. (line 12) * gnutls_pkcs11_copy_secret_key: PKCS 11 API. (line 30) * gnutls_pkcs11_copy_x509_crt: Writing objects. (line 36) * gnutls_pkcs11_copy_x509_crt <1>: PKCS 11 API. (line 55) * gnutls_pkcs11_copy_x509_privkey: Writing objects. (line 13) * gnutls_pkcs11_copy_x509_privkey <1>: PKCS 11 API. (line 77) * gnutls_pkcs11_deinit: PKCS 11 API. (line 103) * gnutls_pkcs11_delete_url: Writing objects. (line 55) * gnutls_pkcs11_delete_url <1>: PKCS 11 API. (line 112) * gnutls_pkcs11_init: PKCS11 Initialization. (line 20) * gnutls_pkcs11_init <1>: PKCS 11 API. (line 129) * gnutls_pkcs11_obj_deinit: PKCS 11 API. (line 155) * gnutls_pkcs11_obj_export: PKCS 11 API. (line 165) * gnutls_pkcs11_obj_export_url: PKCS 11 API. (line 193) * gnutls_pkcs11_obj_get_info: Reading objects. (line 27) * gnutls_pkcs11_obj_get_info <1>: PKCS 11 API. (line 211) * gnutls_pkcs11_obj_get_type: PKCS 11 API. (line 236) * gnutls_pkcs11_obj_import_url: PKCS 11 API. (line 250) * gnutls_pkcs11_obj_init: PKCS 11 API. (line 272) * gnutls_pkcs11_obj_list_import_url: PKCS 11 API. (line 285) * gnutls_pkcs11_obj_list_import_url2: PKCS 11 API. (line 311) * gnutls_pkcs11_privkey_deinit: PKCS 11 API. (line 338) * gnutls_pkcs11_privkey_export_url: PKCS 11 API. (line 347) * gnutls_pkcs11_privkey_generate: PKCS 11 API. (line 364) * gnutls_pkcs11_privkey_get_info: PKCS 11 API. (line 389) * gnutls_pkcs11_privkey_get_pk_algorithm: PKCS 11 API. (line 412) * gnutls_pkcs11_privkey_import_url: PKCS 11 API. (line 428) * gnutls_pkcs11_privkey_init: PKCS 11 API. (line 448) * gnutls_pkcs11_reinit: PKCS11 Initialization. (line 55) * gnutls_pkcs11_reinit <1>: PKCS 11 API. (line 460) * gnutls_pkcs11_set_pin_function: PKCS 11 API. (line 474) * gnutls_pkcs11_set_token_function: PKCS 11 API. (line 489) * gnutls_pkcs11_token_get_flags: PKCS 11 API. (line 503) * gnutls_pkcs11_token_get_info: PKCS 11 API. (line 521) * gnutls_pkcs11_token_get_mechanism: PKCS 11 API. (line 544) * gnutls_pkcs11_token_get_url: PKCS 11 API. (line 564) * gnutls_pkcs11_token_init: PKCS 11 API. (line 584) * gnutls_pkcs11_token_set_pin: PKCS 11 API. (line 603) * gnutls_pkcs11_type_get_name: PKCS 11 API. (line 623) * gnutls_pkcs12_bag_decrypt: PKCS 12 API. (line 12) * gnutls_pkcs12_bag_deinit: PKCS 12 API. (line 27) * gnutls_pkcs12_bag_encrypt: PKCS 12 API. (line 35) * gnutls_pkcs12_bag_get_count: PKCS 12 API. (line 52) * gnutls_pkcs12_bag_get_data: PKCS 12 API. (line 64) * gnutls_pkcs12_bag_get_friendly_name: PKCS 12 API. (line 82) * gnutls_pkcs12_bag_get_key_id: PKCS 12 API. (line 101) * gnutls_pkcs12_bag_get_type: PKCS 12 API. (line 120) * gnutls_pkcs12_bag_init: PKCS 12 API. (line 133) * gnutls_pkcs12_bag_set_crl: PKCS 12 API. (line 146) * gnutls_pkcs12_bag_set_crt: PKCS 12 API. (line 161) * gnutls_pkcs12_bag_set_data: PKCS 12 API. (line 176) * gnutls_pkcs12_bag_set_friendly_name: PKCS 12 API. (line 193) * gnutls_pkcs12_bag_set_key_id: PKCS 12 API. (line 213) * gnutls_pkcs12_deinit: PKCS 12 API. (line 233) * gnutls_pkcs12_export: PKCS 12 API. (line 241) * gnutls_pkcs12_generate_mac: PKCS 12 API. (line 269) * gnutls_pkcs12_get_bag: PKCS 12 API. (line 283) * gnutls_pkcs12_import: PKCS 12 API. (line 303) * gnutls_pkcs12_init: PKCS 12 API. (line 326) * gnutls_pkcs12_set_bag: PKCS 12 API. (line 339) * gnutls_pkcs12_verify_mac: PKCS 12 API. (line 353) * gnutls_pkcs7_deinit: X509 certificate API. (line 12) * gnutls_pkcs7_delete_crl: X509 certificate API. (line 20) * gnutls_pkcs7_delete_crt: X509 certificate API. (line 35) * gnutls_pkcs7_export: X509 certificate API. (line 50) * gnutls_pkcs7_get_crl_count: X509 certificate API. (line 77) * gnutls_pkcs7_get_crl_raw: X509 certificate API. (line 89) * gnutls_pkcs7_get_crt_count: X509 certificate API. (line 110) * gnutls_pkcs7_get_crt_raw: X509 certificate API. (line 122) * gnutls_pkcs7_import: X509 certificate API. (line 147) * gnutls_pkcs7_init: X509 certificate API. (line 167) * gnutls_pkcs7_set_crl: X509 certificate API. (line 180) * gnutls_pkcs7_set_crl_raw: X509 certificate API. (line 195) * gnutls_pkcs7_set_crt: X509 certificate API. (line 209) * gnutls_pkcs7_set_crt_raw: X509 certificate API. (line 225) * gnutls_pk_algorithm_get_name: Core TLS API. (line 2350) * gnutls_pk_bits_to_sec_param: Selecting cryptographic key sizes. (line 73) * gnutls_pk_bits_to_sec_param <1>: Core TLS API. (line 2362) * gnutls_pk_get_id: Core TLS API. (line 2379) * gnutls_pk_get_name: Core TLS API. (line 2394) * gnutls_pk_list: Core TLS API. (line 2408) * gnutls_pk_to_sign: Core TLS API. (line 2422) * gnutls_prf: Core TLS API. (line 2437) * gnutls_prf_raw: Core TLS API. (line 2479) * gnutls_priority_certificate_type_list: Core TLS API. (line 2518) * gnutls_priority_compression_list: Core TLS API. (line 2534) * gnutls_priority_deinit: Core TLS API. (line 2550) * gnutls_priority_ecc_curve_list: Core TLS API. (line 2559) * gnutls_priority_get_cipher_suite_index: Core TLS API. (line 2574) * gnutls_priority_init: Core TLS API. (line 2597) * gnutls_priority_protocol_list: Core TLS API. (line 2667) * gnutls_priority_set: Core TLS API. (line 2683) * gnutls_priority_set_direct: Core TLS API. (line 2697) * gnutls_priority_sign_list: Core TLS API. (line 2718) * gnutls_privkey_decrypt_data: Operations. (line 126) * gnutls_privkey_decrypt_data <1>: Abstract key API. (line 225) * gnutls_privkey_deinit: Abstract key API. (line 248) * gnutls_privkey_get_pk_algorithm: Abstract key API. (line 258) * gnutls_privkey_get_type: Abstract key API. (line 277) * gnutls_privkey_import_ext: Abstract private keys. (line 23) * gnutls_privkey_import_ext <1>: Abstract key API. (line 292) * gnutls_privkey_import_openpgp: Abstract key API. (line 320) * gnutls_privkey_import_pkcs11: Abstract key API. (line 347) * gnutls_privkey_import_x509: Abstract key API. (line 373) * gnutls_privkey_init: Abstract key API. (line 399) * gnutls_privkey_sign_data: Operations. (line 71) * gnutls_privkey_sign_data <1>: Abstract key API. (line 412) * gnutls_privkey_sign_hash: Operations. (line 99) * gnutls_privkey_sign_hash <1>: Abstract key API. (line 443) * gnutls_protocol_get_id: Core TLS API. (line 2734) * gnutls_protocol_get_name: Core TLS API. (line 2746) * gnutls_protocol_get_version: Core TLS API. (line 2758) * gnutls_protocol_list: Core TLS API. (line 2769) * gnutls_protocol_set_priority: Compatibility API. (line 143) * gnutls_psk_allocate_client_credentials: Core TLS API. (line 2781) * gnutls_psk_allocate_server_credentials: Core TLS API. (line 2794) * gnutls_psk_client_get_hint: Core TLS API. (line 2807) * gnutls_psk_free_client_credentials: Core TLS API. (line 2823) * gnutls_psk_free_server_credentials: Core TLS API. (line 2833) * gnutls_psk_server_get_username: Core TLS API. (line 2843) * gnutls_psk_set_client_credentials: Core TLS API. (line 2855) * gnutls_psk_set_client_credentials_function: PSK credentials. (line 22) * gnutls_psk_set_client_credentials_function <1>: Core TLS API. (line 2880) * gnutls_psk_set_params_function: Core TLS API. (line 2904) * gnutls_psk_set_server_credentials_file: PSK credentials. (line 58) * gnutls_psk_set_server_credentials_file <1>: Core TLS API. (line 2918) * gnutls_psk_set_server_credentials_function: Core TLS API. (line 2935) * gnutls_psk_set_server_credentials_hint: Core TLS API. (line 2960) * gnutls_psk_set_server_dh_params: Core TLS API. (line 2979) * gnutls_psk_set_server_params_function: Core TLS API. (line 2993) * gnutls_pubkey_deinit: Abstract key API. (line 473) * gnutls_pubkey_encrypt_data: Operations. (line 53) * gnutls_pubkey_encrypt_data <1>: Abstract key API. (line 483) * gnutls_pubkey_export: Abstract public keys. (line 32) * gnutls_pubkey_export <1>: Abstract key API. (line 504) * gnutls_pubkey_get_key_id: Abstract key API. (line 535) * gnutls_pubkey_get_key_usage: Abstract key API. (line 564) * gnutls_pubkey_get_openpgp_key_id: Abstract key API. (line 581) * gnutls_pubkey_get_pk_algorithm: Abstract key API. (line 612) * gnutls_pubkey_get_pk_dsa_raw: Abstract key API. (line 631) * gnutls_pubkey_get_pk_ecc_raw: Abstract key API. (line 656) * gnutls_pubkey_get_pk_ecc_x962: Abstract key API. (line 679) * gnutls_pubkey_get_pk_rsa_raw: Abstract key API. (line 699) * gnutls_pubkey_get_preferred_hash_algorithm: Abstract key API. (line 719) * gnutls_pubkey_get_verify_algorithm: Abstract key API. (line 743) * gnutls_pubkey_import: Abstract key API. (line 764) * gnutls_pubkey_import_dsa_raw: Abstract key API. (line 785) * gnutls_pubkey_import_ecc_raw: Abstract key API. (line 810) * gnutls_pubkey_import_ecc_x962: Abstract key API. (line 832) * gnutls_pubkey_import_openpgp: Abstract key API. (line 852) * gnutls_pubkey_import_pkcs11: Abstract key API. (line 873) * gnutls_pubkey_import_pkcs11_url: Abstract key API. (line 892) * gnutls_pubkey_import_privkey: Abstract key API. (line 911) * gnutls_pubkey_import_rsa_raw: Abstract key API. (line 932) * gnutls_pubkey_import_x509: Abstract public keys. (line 11) * gnutls_pubkey_import_x509 <1>: Abstract key API. (line 952) * gnutls_pubkey_init: Abstract key API. (line 971) * gnutls_pubkey_set_key_usage: Abstract key API. (line 984) * gnutls_pubkey_verify_data: Abstract key API. (line 1002) * gnutls_pubkey_verify_data2: Operations. (line 9) * gnutls_pubkey_verify_data2 <1>: Abstract key API. (line 1025) * gnutls_pubkey_verify_hash: Abstract key API. (line 1050) * gnutls_pubkey_verify_hash2: Operations. (line 31) * gnutls_pubkey_verify_hash2 <1>: Abstract key API. (line 1074) * gnutls_random_art: Core TLS API. (line 3007) * gnutls_record_check_pending: Data transfer and termination. (line 124) * gnutls_record_check_pending <1>: Core TLS API. (line 3031) * gnutls_record_disable_padding: Core TLS API. (line 3044) * gnutls_record_get_direction: Asynchronous operation. (line 40) * gnutls_record_get_direction <1>: Core TLS API. (line 3059) * gnutls_record_get_discarded: Datagram TLS API. (line 196) * gnutls_record_get_max_size: Core TLS API. (line 3079) * gnutls_record_recv: Data transfer and termination. (line 40) * gnutls_record_recv <1>: Core TLS API. (line 3091) * gnutls_record_recv_seq: Data transfer and termination. (line 93) * gnutls_record_recv_seq <1>: Core TLS API. (line 3123) * gnutls_record_send: Data transfer and termination. (line 12) * gnutls_record_send <1>: Core TLS API. (line 3150) * gnutls_record_set_max_size: Core TLS API. (line 3181) * gnutls_rehandshake: Core TLS API. (line 3205) * gnutls_rnd: Random number generation. (line 21) * gnutls_rnd <1>: Cryptographic API. (line 397) * gnutls_rsa_export_get_modulus_bits: Compatibility API. (line 158) * gnutls_rsa_export_get_pubkey: Compatibility API. (line 170) * gnutls_rsa_params_cpy: Compatibility API. (line 188) * gnutls_rsa_params_deinit: Compatibility API. (line 203) * gnutls_rsa_params_export_pkcs1: Compatibility API. (line 212) * gnutls_rsa_params_export_raw: Compatibility API. (line 239) * gnutls_rsa_params_generate2: Compatibility API. (line 269) * gnutls_rsa_params_import_pkcs1: Compatibility API. (line 290) * gnutls_rsa_params_import_raw: Compatibility API. (line 312) * gnutls_rsa_params_init: Compatibility API. (line 340) * gnutls_safe_renegotiation_status: Core TLS API. (line 3236) * gnutls_sec_param_get_name: Core TLS API. (line 3251) * gnutls_sec_param_to_pk_bits: Selecting cryptographic key sizes. (line 57) * gnutls_sec_param_to_pk_bits <1>: Core TLS API. (line 3265) * gnutls_server_name_get: Core TLS API. (line 3284) * gnutls_server_name_set: Core TLS API. (line 3321) * gnutls_session_channel_binding: Core TLS API. (line 3348) * gnutls_session_enable_compatibility_mode: Core TLS API. (line 3369) * gnutls_session_get_data: Core TLS API. (line 3383) * gnutls_session_get_data2: Core TLS API. (line 3407) * gnutls_session_get_id: Core TLS API. (line 3429) * gnutls_session_get_ptr: Core TLS API. (line 3453) * gnutls_session_get_random: Core TLS API. (line 3465) * gnutls_session_is_resumed: Session resumption. (line 33) * gnutls_session_is_resumed <1>: Core TLS API. (line 3485) * gnutls_session_resumption_requested: Session resumption. (line 94) * gnutls_session_resumption_requested <1>: Core TLS API. (line 3496) * gnutls_session_set_data: Core TLS API. (line 3509) * gnutls_session_set_premaster: Core TLS API. (line 3532) * gnutls_session_set_ptr: Core TLS API. (line 3567) * gnutls_session_ticket_enable_client: Core TLS API. (line 3580) * gnutls_session_ticket_enable_server: Session resumption. (line 66) * gnutls_session_ticket_enable_server <1>: Core TLS API. (line 3595) * gnutls_session_ticket_key_generate: Session resumption. (line 81) * gnutls_session_ticket_key_generate <1>: Core TLS API. (line 3613) * gnutls_set_default_export_priority: Compatibility API. (line 353) * gnutls_set_default_priority: Core TLS API. (line 3629) * gnutls_sign_algorithm_get_requested: Core TLS API. (line 3650) * gnutls_sign_callback_get: Compatibility API. (line 376) * gnutls_sign_callback_set: Compatibility API. (line 392) * gnutls_sign_get_id: Core TLS API. (line 3677) * gnutls_sign_get_name: Core TLS API. (line 3689) * gnutls_sign_list: Core TLS API. (line 3701) * gnutls_srp_allocate_client_credentials: Core TLS API. (line 3711) * gnutls_srp_allocate_server_credentials: Core TLS API. (line 3724) * gnutls_srp_base64_decode: Core TLS API. (line 3737) * gnutls_srp_base64_decode_alloc: Core TLS API. (line 3759) * gnutls_srp_base64_encode: Core TLS API. (line 3779) * gnutls_srp_base64_encode_alloc: Core TLS API. (line 3801) * gnutls_srp_free_client_credentials: Core TLS API. (line 3822) * gnutls_srp_free_server_credentials: Core TLS API. (line 3832) * gnutls_srp_server_get_username: Core TLS API. (line 3842) * gnutls_srp_set_client_credentials: Core TLS API. (line 3855) * gnutls_srp_set_client_credentials_function: SRP credentials. (line 19) * gnutls_srp_set_client_credentials_function <1>: Core TLS API. (line 3876) * gnutls_srp_set_prime_bits: Core TLS API. (line 3906) * gnutls_srp_set_server_credentials_file: SRP credentials. (line 53) * gnutls_srp_set_server_credentials_file <1>: Core TLS API. (line 3927) * gnutls_srp_set_server_credentials_function: SRP credentials. (line 70) * gnutls_srp_set_server_credentials_function <1>: Core TLS API. (line 3947) * gnutls_srp_verifier: Authentication using SRP. (line 43) * gnutls_srp_verifier <1>: Core TLS API. (line 3981) * gnutls_store_commitment: Verifying a certificate using trust on first use authentication. (line 100) * gnutls_store_commitment <1>: Core TLS API. (line 4010) * gnutls_store_pubkey: Verifying a certificate using trust on first use authentication. (line 62) * gnutls_store_pubkey <1>: Core TLS API. (line 4050) * gnutls_strerror: Core TLS API. (line 4087) * gnutls_strerror_name: Core TLS API. (line 4101) * gnutls_supplemental_get_name: Core TLS API. (line 4116) * gnutls_tdb_deinit: Core TLS API. (line 4129) * gnutls_tdb_init: Core TLS API. (line 4138) * gnutls_tdb_set_store_commitment_func: Core TLS API. (line 4149) * gnutls_tdb_set_store_func: Core TLS API. (line 4166) * gnutls_tdb_set_verify_func: Core TLS API. (line 4181) * gnutls_transport_get_ptr: Core TLS API. (line 4196) * gnutls_transport_get_ptr2: Core TLS API. (line 4209) * gnutls_transport_set_errno: Setting up the transport layer. (line 86) * gnutls_transport_set_errno <1>: Core TLS API. (line 4225) * gnutls_transport_set_errno_function: Core TLS API. (line 4245) * gnutls_transport_set_ptr: Core TLS API. (line 4263) * gnutls_transport_set_ptr2: Setting up the transport layer. (line 11) * gnutls_transport_set_ptr2 <1>: Core TLS API. (line 4276) * gnutls_transport_set_pull_function: Setting up the transport layer. (line 63) * gnutls_transport_set_pull_function <1>: Core TLS API. (line 4293) * gnutls_transport_set_pull_timeout_function: Setting up the transport layer. (line 123) * gnutls_transport_set_pull_timeout_function <1>: Core TLS API. (line 4311) * gnutls_transport_set_push_function: Setting up the transport layer. (line 30) * gnutls_transport_set_push_function <1>: Core TLS API. (line 4334) * gnutls_transport_set_vec_push_function: Setting up the transport layer. (line 47) * gnutls_transport_set_vec_push_function <1>: Core TLS API. (line 4354) * gnutls_verify_stored_pubkey: Verifying a certificate using trust on first use authentication. (line 19) * gnutls_verify_stored_pubkey <1>: Core TLS API. (line 4373) * gnutls_x509_crl_check_issuer: X509 certificate API. (line 240) * gnutls_x509_crl_deinit: X509 certificate API. (line 256) * gnutls_x509_crl_export: X509 certificate API. (line 264) * gnutls_x509_crl_get_authority_key_gn_serial: X509 certificate API. (line 291) * gnutls_x509_crl_get_authority_key_id: X509 certificate API. (line 328) * gnutls_x509_crl_get_crt_count: X509 certificate API. (line 356) * gnutls_x509_crl_get_crt_serial: X509 certificate API. (line 368) * gnutls_x509_crl_get_dn_oid: X509 certificate API. (line 391) * gnutls_x509_crl_get_extension_data: X509 certificate API. (line 414) * gnutls_x509_crl_get_extension_info: X509 certificate API. (line 444) * gnutls_x509_crl_get_extension_oid: X509 certificate API. (line 478) * gnutls_x509_crl_get_issuer_dn: X509 certificate API. (line 503) * gnutls_x509_crl_get_issuer_dn_by_oid: X509 certificate API. (line 525) * gnutls_x509_crl_get_next_update: X509 certificate API. (line 561) * gnutls_x509_crl_get_number: X509 certificate API. (line 575) * gnutls_x509_crl_get_raw_issuer_dn: X509 certificate API. (line 597) * gnutls_x509_crl_get_signature: X509 certificate API. (line 613) * gnutls_x509_crl_get_signature_algorithm: X509 certificate API. (line 631) * gnutls_x509_crl_get_this_update: X509 certificate API. (line 644) * gnutls_x509_crl_get_version: X509 certificate API. (line 655) * gnutls_x509_crl_import: X509 certificate API. (line 665) * gnutls_x509_crl_init: X509 certificate API. (line 685) * gnutls_x509_crl_list_import: X509 certificate API. (line 700) * gnutls_x509_crl_list_import2: X509 certificate API. (line 731) * gnutls_x509_crl_print: X509 certificate API. (line 761) * gnutls_x509_crl_privkey_sign: PKIX certificate revocation lists. (line 77) * gnutls_x509_crl_privkey_sign <1>: Abstract key API. (line 1099) * gnutls_x509_crl_set_authority_key_id: X509 certificate API. (line 781) * gnutls_x509_crl_set_crt: X509 certificate API. (line 802) * gnutls_x509_crl_set_crt_serial: X509 certificate API. (line 820) * gnutls_x509_crl_set_next_update: X509 certificate API. (line 840) * gnutls_x509_crl_set_number: X509 certificate API. (line 854) * gnutls_x509_crl_set_this_update: X509 certificate API. (line 874) * gnutls_x509_crl_set_version: X509 certificate API. (line 888) * gnutls_x509_crl_sign: Compatibility API. (line 417) * gnutls_x509_crl_sign2: PKIX certificate revocation lists. (line 54) * gnutls_x509_crl_sign2 <1>: X509 certificate API. (line 904) * gnutls_x509_crl_verify: X509 certificate API. (line 930) * gnutls_x509_crq_deinit: X509 certificate API. (line 954) * gnutls_x509_crq_export: X509 certificate API. (line 963) * gnutls_x509_crq_get_attribute_by_oid: X509 certificate API. (line 991) * gnutls_x509_crq_get_attribute_data: X509 certificate API. (line 1016) * gnutls_x509_crq_get_attribute_info: X509 certificate API. (line 1045) * gnutls_x509_crq_get_basic_constraints: X509 certificate API. (line 1076) * gnutls_x509_crq_get_challenge_password: X509 certificate API. (line 1106) * gnutls_x509_crq_get_dn: X509 certificate API. (line 1124) * gnutls_x509_crq_get_dn_by_oid: X509 certificate API. (line 1145) * gnutls_x509_crq_get_dn_oid: X509 certificate API. (line 1179) * gnutls_x509_crq_get_extension_by_oid: X509 certificate API. (line 1200) * gnutls_x509_crq_get_extension_data: X509 certificate API. (line 1230) * gnutls_x509_crq_get_extension_info: X509 certificate API. (line 1260) * gnutls_x509_crq_get_key_id: X509 certificate API. (line 1294) * gnutls_x509_crq_get_key_purpose_oid: X509 certificate API. (line 1323) * gnutls_x509_crq_get_key_rsa_raw: X509 certificate API. (line 1351) * gnutls_x509_crq_get_key_usage: X509 certificate API. (line 1371) * gnutls_x509_crq_get_pk_algorithm: X509 certificate API. (line 1397) * gnutls_x509_crq_get_private_key_usage_period: X509 certificate API. (line 1417) * gnutls_x509_crq_get_subject_alt_name: X509 certificate API. (line 1438) * gnutls_x509_crq_get_subject_alt_othername_oid: X509 certificate API. (line 1475) * gnutls_x509_crq_get_version: X509 certificate API. (line 1511) * gnutls_x509_crq_import: X509 certificate API. (line 1523) * gnutls_x509_crq_init: X509 certificate API. (line 1544) * gnutls_x509_crq_print: X509 certificate API. (line 1556) * gnutls_x509_crq_privkey_sign: Abstract key API. (line 1127) * gnutls_x509_crq_set_attribute_by_oid: X509 certificate API. (line 1578) * gnutls_x509_crq_set_basic_constraints: X509 certificate API. (line 1599) * gnutls_x509_crq_set_challenge_password: X509 certificate API. (line 1621) * gnutls_x509_crq_set_dn_by_oid: X509 certificate API. (line 1636) * gnutls_x509_crq_set_key: PKCS 10 certificate requests. (line 29) * gnutls_x509_crq_set_key <1>: X509 certificate API. (line 1665) * gnutls_x509_crq_set_key_purpose_oid: X509 certificate API. (line 1680) * gnutls_x509_crq_set_key_rsa_raw: X509 certificate API. (line 1702) * gnutls_x509_crq_set_key_usage: X509 certificate API. (line 1721) * gnutls_x509_crq_set_private_key_usage_period: X509 certificate API. (line 1737) * gnutls_x509_crq_set_pubkey: Operations. (line 150) * gnutls_x509_crq_set_pubkey <1>: Abstract key API. (line 1156) * gnutls_x509_crq_set_subject_alt_name: X509 certificate API. (line 1754) * gnutls_x509_crq_set_version: X509 certificate API. (line 1779) * gnutls_x509_crq_sign: Compatibility API. (line 436) * gnutls_x509_crq_sign2: PKCS 10 certificate requests. (line 41) * gnutls_x509_crq_sign2 <1>: X509 certificate API. (line 1794) * gnutls_x509_crq_verify: X509 certificate API. (line 1821) * gnutls_x509_crt_check_hostname: X509 certificate API. (line 1840) * gnutls_x509_crt_check_issuer: X509 certificate API. (line 1856) * gnutls_x509_crt_check_revocation: X509 certificate API. (line 1872) * gnutls_x509_crt_cpy_crl_dist_points: X509 certificate API. (line 1889) * gnutls_x509_crt_deinit: X509 certificate API. (line 1905) * gnutls_x509_crt_export: X509 certificate API. (line 1913) * gnutls_x509_crt_get_activation_time: X509 certificate API. (line 1940) * gnutls_x509_crt_get_authority_info_access: X509 certificate API. (line 1952) * gnutls_x509_crt_get_authority_key_gn_serial: X509 certificate API. (line 2029) * gnutls_x509_crt_get_authority_key_id: X509 certificate API. (line 2068) * gnutls_x509_crt_get_basic_constraints: X509 certificate API. (line 2095) * gnutls_x509_crt_get_ca_status: X509 certificate API. (line 2123) * gnutls_x509_crt_get_crl_dist_points: X509 certificate API. (line 2144) * gnutls_x509_crt_get_dn: X.509 distinguished names. (line 14) * gnutls_x509_crt_get_dn <1>: X509 certificate API. (line 2187) * gnutls_x509_crt_get_dn_by_oid: X.509 distinguished names. (line 33) * gnutls_x509_crt_get_dn_by_oid <1>: X509 certificate API. (line 2209) * gnutls_x509_crt_get_dn_oid: X.509 distinguished names. (line 68) * gnutls_x509_crt_get_dn_oid <1>: X509 certificate API. (line 2247) * gnutls_x509_crt_get_expiration_time: X509 certificate API. (line 2272) * gnutls_x509_crt_get_extension_by_oid: X509 certificate API. (line 2284) * gnutls_x509_crt_get_extension_data: X509 certificate API. (line 2312) * gnutls_x509_crt_get_extension_info: X509 certificate API. (line 2340) * gnutls_x509_crt_get_extension_oid: X509 certificate API. (line 2373) * gnutls_x509_crt_get_fingerprint: X509 certificate API. (line 2399) * gnutls_x509_crt_get_issuer: X509 certificate API. (line 2422) * gnutls_x509_crt_get_issuer_alt_name: X509 certificate API. (line 2440) * gnutls_x509_crt_get_issuer_alt_name2: X509 certificate API. (line 2483) * gnutls_x509_crt_get_issuer_alt_othername_oid: X509 certificate API. (line 2521) * gnutls_x509_crt_get_issuer_dn: X509 certificate API. (line 2561) * gnutls_x509_crt_get_issuer_dn_by_oid: X509 certificate API. (line 2583) * gnutls_x509_crt_get_issuer_dn_oid: X509 certificate API. (line 2621) * gnutls_x509_crt_get_issuer_unique_id: X509 certificate API. (line 2646) * gnutls_x509_crt_get_key_id: X509 certificate API. (line 2670) * gnutls_x509_crt_get_key_purpose_oid: X509 certificate API. (line 2697) * gnutls_x509_crt_get_key_usage: X509 certificate API. (line 2727) * gnutls_x509_crt_get_pk_algorithm: X509 certificate API. (line 2751) * gnutls_x509_crt_get_pk_dsa_raw: X509 certificate API. (line 2771) * gnutls_x509_crt_get_pk_rsa_raw: X509 certificate API. (line 2794) * gnutls_x509_crt_get_preferred_hash_algorithm: Compatibility API. (line 453) * gnutls_x509_crt_get_private_key_usage_period: X509 certificate API. (line 2812) * gnutls_x509_crt_get_proxy: X509 certificate API. (line 2834) * gnutls_x509_crt_get_raw_dn: X509 certificate API. (line 2861) * gnutls_x509_crt_get_raw_issuer_dn: X509 certificate API. (line 2877) * gnutls_x509_crt_get_serial: X509 certificate API. (line 2892) * gnutls_x509_crt_get_signature: X509 certificate API. (line 2912) * gnutls_x509_crt_get_signature_algorithm: X509 certificate API. (line 2930) * gnutls_x509_crt_get_subject: X.509 distinguished names. (line 94) * gnutls_x509_crt_get_subject <1>: X509 certificate API. (line 2944) * gnutls_x509_crt_get_subject_alt_name: X509 certificate API. (line 2962) * gnutls_x509_crt_get_subject_alt_name2: X509 certificate API. (line 3002) * gnutls_x509_crt_get_subject_alt_othername_oid: X509 certificate API. (line 3038) * gnutls_x509_crt_get_subject_key_id: X509 certificate API. (line 3076) * gnutls_x509_crt_get_subject_unique_id: X509 certificate API. (line 3098) * gnutls_x509_crt_get_verify_algorithm: Compatibility API. (line 480) * gnutls_x509_crt_get_version: X509 certificate API. (line 3120) * gnutls_x509_crt_import: X509 certificate API. (line 3131) * gnutls_x509_crt_import_pkcs11: PKCS 11 API. (line 639) * gnutls_x509_crt_import_pkcs11_url: PKCS 11 API. (line 656) * gnutls_x509_crt_init: X509 certificate API. (line 3152) * gnutls_x509_crt_list_import: X509 certificate API. (line 3163) * gnutls_x509_crt_list_import2: X509 certificate API. (line 3199) * gnutls_x509_crt_list_import_pkcs11: PKCS 11 API. (line 676) * gnutls_x509_crt_list_verify: X509 certificate API. (line 3229) * gnutls_x509_crt_print: X509 certificate API. (line 3271) * gnutls_x509_crt_privkey_sign: Abstract key API. (line 1173) * gnutls_x509_crt_set_activation_time: X509 certificate API. (line 3296) * gnutls_x509_crt_set_authority_info_access: X509 certificate API. (line 3311) * gnutls_x509_crt_set_authority_key_id: X509 certificate API. (line 3337) * gnutls_x509_crt_set_basic_constraints: X509 certificate API. (line 3355) * gnutls_x509_crt_set_ca_status: X509 certificate API. (line 3375) * gnutls_x509_crt_set_crl_dist_points: X509 certificate API. (line 3392) * gnutls_x509_crt_set_crl_dist_points2: X509 certificate API. (line 3412) * gnutls_x509_crt_set_crq: X509 certificate API. (line 3437) * gnutls_x509_crt_set_crq_extensions: X509 certificate API. (line 3453) * gnutls_x509_crt_set_dn_by_oid: X509 certificate API. (line 3470) * gnutls_x509_crt_set_expiration_time: X509 certificate API. (line 3499) * gnutls_x509_crt_set_extension_by_oid: X509 certificate API. (line 3513) * gnutls_x509_crt_set_issuer_dn_by_oid: X509 certificate API. (line 3537) * gnutls_x509_crt_set_key: X509 certificate API. (line 3570) * gnutls_x509_crt_set_key_purpose_oid: X509 certificate API. (line 3585) * gnutls_x509_crt_set_key_usage: X509 certificate API. (line 3605) * gnutls_x509_crt_set_private_key_usage_period: X509 certificate API. (line 3619) * gnutls_x509_crt_set_proxy: X509 certificate API. (line 3636) * gnutls_x509_crt_set_proxy_dn: X509 certificate API. (line 3659) * gnutls_x509_crt_set_pubkey: Operations. (line 164) * gnutls_x509_crt_set_pubkey <1>: Abstract key API. (line 1198) * gnutls_x509_crt_set_serial: X509 certificate API. (line 3685) * gnutls_x509_crt_set_subject_alternative_name: X509 certificate API. (line 3704) * gnutls_x509_crt_set_subject_alt_name: X509 certificate API. (line 3726) * gnutls_x509_crt_set_subject_key_id: X509 certificate API. (line 3751) * gnutls_x509_crt_set_version: X509 certificate API. (line 3768) * gnutls_x509_crt_sign: X509 certificate API. (line 3790) * gnutls_x509_crt_sign2: X509 certificate API. (line 3807) * gnutls_x509_crt_verify: X509 certificate API. (line 3832) * gnutls_x509_crt_verify_data: Compatibility API. (line 503) * gnutls_x509_crt_verify_hash: Compatibility API. (line 526) * gnutls_x509_dn_deinit: X509 certificate API. (line 3855) * gnutls_x509_dn_export: X509 certificate API. (line 3866) * gnutls_x509_dn_get_rdn_ava: X.509 distinguished names. (line 109) * gnutls_x509_dn_get_rdn_ava <1>: X509 certificate API. (line 3893) * gnutls_x509_dn_import: X509 certificate API. (line 3916) * gnutls_x509_dn_init: X509 certificate API. (line 3935) * gnutls_x509_dn_oid_known: X509 certificate API. (line 3951) * gnutls_x509_dn_oid_name: X509 certificate API. (line 3967) * gnutls_x509_privkey_cpy: X509 certificate API. (line 3984) * gnutls_x509_privkey_deinit: X509 certificate API. (line 3999) * gnutls_x509_privkey_export: X509 certificate API. (line 4008) * gnutls_x509_privkey_export_dsa_raw: X509 certificate API. (line 4037) * gnutls_x509_privkey_export_ecc_raw: X509 certificate API. (line 4063) * gnutls_x509_privkey_export_pkcs8: X509 certificate API. (line 4088) * gnutls_x509_privkey_export_rsa_raw: X509 certificate API. (line 4127) * gnutls_x509_privkey_export_rsa_raw2: X509 certificate API. (line 4155) * gnutls_x509_privkey_fix: X509 certificate API. (line 4190) * gnutls_x509_privkey_generate: X509 certificate API. (line 4202) * gnutls_x509_privkey_get_key_id: X509 certificate API. (line 4225) * gnutls_x509_privkey_get_pk_algorithm: X509 certificate API. (line 4252) * gnutls_x509_privkey_import: X509 certificate API. (line 4265) * gnutls_x509_privkey_import_dsa_raw: X509 certificate API. (line 4286) * gnutls_x509_privkey_import_ecc_raw: X509 certificate API. (line 4312) * gnutls_x509_privkey_import_pkcs8: X509 certificate API. (line 4338) * gnutls_x509_privkey_import_rsa_raw: X509 certificate API. (line 4372) * gnutls_x509_privkey_import_rsa_raw2: X509 certificate API. (line 4401) * gnutls_x509_privkey_init: X509 certificate API. (line 4435) * gnutls_x509_privkey_sec_param: X509 certificate API. (line 4446) * gnutls_x509_privkey_sign_data: Compatibility API. (line 550) * gnutls_x509_privkey_sign_hash: Compatibility API. (line 587) * gnutls_x509_privkey_verify_params: X509 certificate API. (line 4461) * gnutls_x509_rdn_get: X509 certificate API. (line 4473) * gnutls_x509_rdn_get_by_oid: X509 certificate API. (line 4493) * gnutls_x509_rdn_get_oid: X509 certificate API. (line 4521) * gnutls_x509_trust_list_add_cas: Verifying X.509 certificate paths. (line 9) * gnutls_x509_trust_list_add_cas <1>: X509 certificate API. (line 4544) * gnutls_x509_trust_list_add_crls: Verifying X.509 certificate paths. (line 58) * gnutls_x509_trust_list_add_crls <1>: X509 certificate API. (line 4566) * gnutls_x509_trust_list_add_named_crt: Verifying X.509 certificate paths. (line 28) * gnutls_x509_trust_list_add_named_crt <1>: X509 certificate API. (line 4597) * gnutls_x509_trust_list_add_system_trust: X509 certificate API. (line 4630) * gnutls_x509_trust_list_add_trust_file: X509 certificate API. (line 4650) * gnutls_x509_trust_list_add_trust_mem: X509 certificate API. (line 4678) * gnutls_x509_trust_list_deinit: X509 certificate API. (line 4705) * gnutls_x509_trust_list_get_issuer: X509 certificate API. (line 4719) * gnutls_x509_trust_list_init: X509 certificate API. (line 4742) * gnutls_x509_trust_list_verify_crt: Verifying X.509 certificate paths. (line 86) * gnutls_x509_trust_list_verify_crt <1>: X509 certificate API. (line 4759) * gnutls_x509_trust_list_verify_named_crt: Verifying X.509 certificate paths. (line 112) * gnutls_x509_trust_list_verify_named_crt <1>: X509 certificate API. (line 4788)  File: gnutls.info, Node: Concept Index, Prev: Function and Data Index, Up: Top Concept Index ************* [index] * Menu: * abstract types: Abstract key types. (line 6) * alert protocol: The TLS Alert Protocol. (line 6) * anonymous authentication: Anonymous authentication. (line 6) * API reference: API reference. (line 6) * bad_record_mac: On Record Padding. (line 6) * callback functions: Callback functions. (line 6) * certificate authentication: Certificate authentication. (line 6) * certificate authentication <1>: More on certificate authentication. (line 6) * certificate requests: PKCS 10 certificate requests. (line 6) * certificate revocation lists: PKIX certificate revocation lists. (line 6) * certificate status: OCSP certificate status checking. (line 6) * certtool: certtool Invocation. (line 6) * certtool help: certtool Invocation. (line 17) * certtool-debug: certtool Invocation. (line 112) * certtool-get-dh-params: certtool Invocation. (line 147) * certtool-hash: certtool Invocation. (line 199) * certtool-inder: certtool Invocation. (line 206) * certtool-inraw: certtool Invocation. (line 215) * certtool-load-ca-certificate: certtool Invocation. (line 180) * certtool-load-ca-privkey: certtool Invocation. (line 173) * certtool-load-certificate: certtool Invocation. (line 167) * certtool-load-privkey: certtool Invocation. (line 155) * certtool-load-pubkey: certtool Invocation. (line 161) * certtool-outder: certtool Invocation. (line 221) * certtool-outraw: certtool Invocation. (line 227) * certtool-pkcs-cipher: certtool Invocation. (line 240) * certtool-sec-param: certtool Invocation. (line 233) * certtool-to-p12: certtool Invocation. (line 187) * certtool-verify: certtool Invocation. (line 124) * certtool-verify-chain: certtool Invocation. (line 118) * certtool-verify-crl: certtool Invocation. (line 136) * channel bindings: Channel Bindings. (line 6) * ciphersuites: Supported ciphersuites. (line 6) * client certificate authentication: Client Authentication. (line 6) * compression algorithms: Compression algorithms used in the record layer. (line 6) * contributing: Contributing. (line 6) * CRL: PKIX certificate revocation lists. (line 6) * digital signatures: Digital signatures. (line 6) * download: Downloading and installing. (line 6) * Encrypted keys: Managing encrypted keys. (line 6) * error codes: Error codes. (line 6) * example programs: GnuTLS application examples. (line 6) * examples: GnuTLS application examples. (line 6) * exporting keying material: Keying Material Exporters. (line 6) * FDL, GNU Free Documentation License: Copying Information. (line 6) * generating parameters: Parameter generation. (line 6) * GnuTLS client: gnutls-cli Invocation. (line 6) * GnuTLS debug client: gnutls-cli-debug Invocation. (line 6) * GnuTLS OCSP tool: ocsptool Invocation. (line 6) * GnuTLS PKCS #11 tool: certtool Invocation. (line 6) * GnuTLS PKCS #11 tool <1>: p11tool Invocation. (line 6) * GnuTLS PSK tool: psktool Invocation. (line 6) * GnuTLS server: gnutls-serv Invocation. (line 6) * GnuTLS SRP tool: srptool Invocation. (line 6) * gnutls-cli: gnutls-cli Invocation. (line 6) * gnutls-cli help: gnutls-cli Invocation. (line 17) * gnutls-cli-debug: gnutls-cli-debug Invocation. (line 6) * gnutls-cli-debug <1>: gnutls-cli Invocation. (line 95) * gnutls-cli-debug help: gnutls-cli-debug Invocation. (line 21) * gnutls-cli-debug-debug: gnutls-cli-debug Invocation. (line 62) * gnutls-cli-list: gnutls-cli Invocation. (line 143) * gnutls-cli-ocsp: gnutls-cli Invocation. (line 109) * gnutls-cli-priority: gnutls-cli Invocation. (line 133) * gnutls-cli-rehandshake: gnutls-cli Invocation. (line 121) * gnutls-cli-resume: gnutls-cli Invocation. (line 115) * gnutls-cli-starttls: gnutls-cli Invocation. (line 127) * gnutls-cli-tofu: gnutls-cli Invocation. (line 101) * gnutls-serv: gnutls-serv Invocation. (line 6) * gnutls-serv help: gnutls-serv Invocation. (line 16) * gnutls-serv-debug: gnutls-serv Invocation. (line 87) * gnutls-serv-list: gnutls-serv Invocation. (line 103) * gnutls-serv-priority: gnutls-serv Invocation. (line 93) * hacking: Contributing. (line 6) * handshake protocol: The TLS Handshake Protocol. (line 6) * hardware security modules: Smart cards and HSMs. (line 6) * hardware tokens: Smart cards and HSMs. (line 6) * hash functions: Hash and HMAC functions. (line 6) * HMAC functions: Hash and HMAC functions. (line 6) * installation: Downloading and installing. (line 6) * internal architecture: Internal architecture of GnuTLS. (line 6) * Key pinning: Verifying a certificate using trust on first use authentication. (line 6) * key sizes: Selecting cryptographic key sizes. (line 6) * keying material exporters: Keying Material Exporters. (line 6) * maximum fragment length: Maximum fragment length negotiation. (line 6) * OCSP: OCSP certificate status checking. (line 6) * OCSP Functions: OCSP API. (line 6) * ocsptool: ocsptool Invocation. (line 6) * ocsptool help: ocsptool Invocation. (line 16) * ocsptool-ask: ocsptool Invocation. (line 86) * ocsptool-debug: ocsptool Invocation. (line 80) * Online Certificate Status Protocol: OCSP certificate status checking. (line 6) * OpenPGP API: OpenPGP API. (line 6) * OpenPGP certificates: OpenPGP certificates. (line 6) * OpenPGP server: Echo server with OpenPGP authentication. (line 6) * OpenSSL: Compatibility with the OpenSSL library. (line 6) * p11tool: p11tool Invocation. (line 6) * p11tool help: p11tool Invocation. (line 20) * p11tool-debug: p11tool Invocation. (line 96) * p11tool-generate-dsa: p11tool Invocation. (line 115) * p11tool-generate-ecc: p11tool Invocation. (line 121) * p11tool-generate-rsa: p11tool Invocation. (line 109) * p11tool-inder: p11tool Invocation. (line 144) * p11tool-inraw: p11tool Invocation. (line 150) * p11tool-private: p11tool Invocation. (line 127) * p11tool-provider: p11tool Invocation. (line 156) * p11tool-sec-param: p11tool Invocation. (line 137) * p11tool-write: p11tool Invocation. (line 102) * parameter generation: Parameter generation. (line 6) * PCT: On SSL 2 and older protocols. (line 37) * PKCS #10: PKCS 10 certificate requests. (line 6) * PKCS #11 tokens: Smart cards and HSMs. (line 6) * PKCS #12: Managing encrypted keys. (line 62) * PKCS #8: Managing encrypted keys. (line 22) * Priority strings: Priority Strings. (line 6) * PSK authentication: Authentication using PSK. (line 6) * psktool: psktool Invocation. (line 6) * psktool help: psktool Invocation. (line 16) * psktool-debug: psktool Invocation. (line 52) * random numbers: Random number generation. (line 6) * record padding: On Record Padding. (line 6) * record protocol: The TLS record protocol. (line 6) * renegotiation: Safe renegotiation. (line 6) * reporting bugs: Bug Reports. (line 6) * resuming sessions: Resuming Sessions. (line 6) * resuming sessions <1>: Session resumption. (line 6) * safe renegotiation: Safe renegotiation. (line 6) * server name indication: Server name indication. (line 6) * session resumption: Resuming Sessions. (line 6) * session resumption <1>: Session resumption. (line 6) * session tickets: Session tickets. (line 6) * Smart card example: Client using a smart card with TLS. (line 6) * smart cards: Smart cards and HSMs. (line 6) * SRP authentication: Authentication using SRP. (line 6) * srptool: srptool Invocation. (line 6) * srptool help: srptool Invocation. (line 23) * srptool-create-conf: srptool Invocation. (line 85) * srptool-debug: srptool Invocation. (line 66) * srptool-passwd-conf: srptool Invocation. (line 78) * srptool-verify: srptool Invocation. (line 72) * SSH-style authentication: Verifying a certificate using trust on first use authentication. (line 6) * SSL 2: On SSL 2 and older protocols. (line 6) * symmetric cryptography: Symmetric cryptography. (line 6) * symmetric encryption algorithms: Encryption algorithms used in the record layer. (line 6) * thread safety: Thread safety. (line 6) * tickets: Session tickets. (line 6) * TLS extensions: TLS Extensions. (line 6) * TLS extensions <1>: Maximum fragment length negotiation. (line 6) * TLS extensions <2>: Server name indication. (line 6) * TLS extensions <3>: Session tickets. (line 6) * TLS layers: TLS layers. (line 6) * transport layer: The transport layer. (line 6) * transport protocol: The transport layer. (line 6) * Trust on first use: Verifying a certificate using trust on first use authentication. (line 6) * upgrading: Upgrading from previous versions. (line 6) * verifying certificate paths: Verifying X.509 certificate paths. (line 6) * verifying certificate paths <1>: Verifying a certificate in the context of TLS session. (line 6) * verifying certificate paths <2>: Verifying a certificate using trust on first use authentication. (line 6) * X.509 certificates: X.509 certificates. (line 6) * X.509 distinguished name: X.509 distinguished names. (line 6) * X.509 Functions: X509 certificate API. (line 6)