#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
/**
* gnutls_dh_set_prime_bits:
- * @session: is a #gnutls_session_t type.
+ * @session: is a #gnutls_session_t structure.
* @bits: is the number of bits
*
* This function sets the number of bits, for use in a Diffie-Hellman
case GNUTLS_CRD_ANON:
anon_info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
if (anon_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &anon_info->dh;
break;
case GNUTLS_CRD_PSK:
psk_info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (psk_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &psk_info->dh;
break;
case GNUTLS_CRD_CERTIFICATE:
cert_info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (cert_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &cert_info->dh;
break;
default:
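Review bot: The NULL-info failure paths in this hunk now return `GNUTLS_E_INTERNAL_ERROR` bare, so nothing is recorded at the point of failure. Other new-side code on this page, such as the `GNUTLS_E_INVALID_REQUEST` return in `gnutls_session_set_id()`, still goes through `gnutls_assert_val()`, which logs file and line in the debug trace. A NULL result from `_gnutls_get_auth_info()` for the credential type being handled is an internal inconsistency worth a trace when diagnosing a failed handshake. I would keep `return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` here and in the later hunks that make the same replacement. The enclosing switch starts and ends outside this hunk.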
{
anon_info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
if (anon_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &anon_info->dh;
break;
}
{
psk_info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (psk_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &psk_info->dh;
break;
}
cert_info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (cert_info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &cert_info->dh;
break;
}
info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
return info->dh.secret_bits;
}
case GNUTLS_CRD_PSK:
info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
return info->dh.secret_bits;
}
case GNUTLS_CRD_CERTIFICATE:
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
return info->dh.secret_bits;
}
info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
}
info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
}
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ return GNUTLS_E_INTERNAL_ERROR;
dh = &info->dh;
break;
/**
* gnutls_certificate_set_dh_params:
- * @res: is a gnutls_certificate_credentials_t type
- * @dh_params: the Diffie-Hellman parameters.
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
*
* This function will set the Diffie-Hellman parameters for a
* certificate server to use. These parameters will be used in
/**
* gnutls_certificate_set_params_function:
- * @res: is a gnutls_certificate_credentials_t type
+ * @res: is a gnutls_certificate_credentials_t structure
* @func: is the function to be called
*
* This function will set a callback in order for the server to get
}
/**
- * gnutls_certificate_set_flags:
- * @res: is a gnutls_certificate_credentials_t type
- * @flags: are the flags of #gnutls_certificate_flags type
- *
- * This function will set flags to tweak the operation of
- * the credentials structure. See the #gnutls_certificate_flags enumerations
- * for more information on the available flags.
- *
- * Since: 3.4.7
- **/
-void
-gnutls_certificate_set_flags(gnutls_certificate_credentials_t res,
- unsigned int flags)
-{
- res->flags = flags;
-}
-
-/**
* gnutls_certificate_set_verify_flags:
- * @res: is a gnutls_certificate_credentials_t type
+ * @res: is a gnutls_certificate_credentials_t structure
* @flags: are the flags
*
* This function will set the flags to be used for verification
}
/**
- * gnutls_certificate_get_verify_flags:
- * @res: is a gnutls_certificate_credentials_t type
- *
- * Returns the verification flags set with
- * gnutls_certificate_set_verify_flags().
- *
- * Returns: The certificate verification flags used by @res.
- *
- * Since: 3.4.0
- */
-unsigned int
-gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res)
-{
- return res->verify_flags;
-}
-
-/**
* gnutls_certificate_set_verify_limits:
- * @res: is a gnutls_certificate_credentials type
+ * @res: is a gnutls_certificate_credentials structure
* @max_bits: is the number of bits of an acceptable certificate (default 8200)
* @max_depth: is maximum depth of the verification of a certificate chain (default 5)
*
#ifdef ENABLE_PSK
/**
* gnutls_psk_set_params_function:
- * @res: is a gnutls_psk_server_credentials_t type
+ * @res: is a gnutls_psk_server_credentials_t structure
* @func: is the function to be called
*
* This function will set a callback in order for the server to get
#ifdef ENABLE_ANON
/**
* gnutls_anon_set_params_function:
- * @res: is a gnutls_anon_server_credentials_t type
+ * @res: is a gnutls_anon_server_credentials_t structure
* @func: is the function to be called
*
* This function will set a callback in order for the server to get
return 0;
}
-#ifdef ENABLE_OCSP
/**
* gnutls_ocsp_status_request_is_checked:
* @session: is a gnutls session
- * @flags: should be zero or %GNUTLS_OCSP_SR_IS_AVAIL
+ * @flags: should be zero
*
* Check whether an OCSP status response was included in the handshake
* and whether it was checked and valid (not too old or superseded).
* This is a helper function when needing to decide whether to perform an
- * OCSP validity check on the peer's certificate. Should be called after
- * any of gnutls_certificate_verify_peers*() are called.
- *
- * If the flag %GNUTLS_OCSP_SR_IS_AVAIL is specified, the return
- * value of the function indicates whether an OCSP status response have
- * been received (even if invalid). The flag was introduced in GnuTLS 3.4.0.
+ * OCSP validity check on the peer's certificate. Must be called after
+ * gnutls_certificate_verify_peers3() is called.
*
- * Returns: non zero if the response was valid, or a zero if it wasn't sent,
+ * Returns: non zero it was valid, or a zero if it wasn't sent,
* or sent and was invalid.
**/
int
gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
unsigned int flags)
{
- int ret;
- gnutls_datum_t data;
+ return session->internals.ocsp_check_ok;
+}
- if (flags & GNUTLS_OCSP_SR_IS_AVAIL) {
- ret = gnutls_ocsp_status_request_get(session, &data);
- if (ret < 0)
- return gnutls_assert_val(0);
+#ifdef ENABLE_RSA_EXPORT
- if (data.data == NULL)
- return gnutls_assert_val(0);
- return 1;
- }
- return session->internals.ocsp_check_ok;
+/**
+ * gnutls_rsa_export_get_pubkey:
+ * @session: is a gnutls session
+ * @exponent: will hold the exponent.
+ * @modulus: will hold the modulus.
+ *
+ * This function will return the peer's public key exponent and
+ * modulus used in the last RSA-EXPORT authentication. The output
+ * parameters must be freed with gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus)
+{
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+/**
+ * gnutls_rsa_export_get_modulus_bits:
+ * @session: is a gnutls session
+ *
+ * Get the export RSA parameter's modulus size.
+ *
+ * Returns: The bits used in the last RSA-EXPORT key exchange with the
+ * peer, or a negative error code in case of error.
+ **/
+int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
+{
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
+/**
+ * gnutls_certificate_set_rsa_export_params:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @rsa_params: is a structure that holds temporary RSA parameters.
+ *
+ * This function will set the temporary RSA parameters for a
+ * certificate server to use. These parameters will be used in
+ * RSA-EXPORT cipher suites.
+ **/
+void
+gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t
+ res,
+ gnutls_rsa_params_t rsa_params)
+{
+ return;
}
#endif
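Review bot: The doc comments on the three RSA-EXPORT entry points added here describe behaviour the bodies do not have. `gnutls_rsa_export_get_pubkey()` and `gnutls_rsa_export_get_modulus_bits()` always return `GNUTLS_E_UNIMPLEMENTED_FEATURE`, and `gnutls_certificate_set_rsa_export_params()` does nothing. A caller who follows "The output parameters must be freed with gnutls_free()" without checking the return code would free `exponent` and `modulus` datums that were never written. I would state in each comment that the function is a stub (presumably kept for compatibility) and that the outputs are left untouched, or clear them before returning, e.g. `exponent->data = NULL; exponent->size = 0;` and the same for `modulus`. Separately, `gnutls_ocsp_status_request_is_checked()` now ignores `flags` although its comment says it "should be zero", and "non zero it was valid" is missing an "if".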
* This function returns a string describing the current session.
* The string is null terminated and allocated using gnutls_malloc().
*
- * If initial negotiation is not complete when this function is called,
- * %NULL will be returned.
- *
* Returns: a description of the protocols and algorithms in the current session.
*
* Since: 3.1.10
unsigned mac_id;
char *desc;
- if (session->internals.initial_negotiation_completed == 0)
- return NULL;
-
kx = session->security_parameters.kx_algorithm;
if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK ||
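Review bot: With the `initial_negotiation_completed` check removed, `gnutls_session_get_desc()` reads `session->security_parameters.kx_algorithm` and builds a description even when no handshake has finished, and the doc comment no longer tells callers what to expect in that case. The result would describe parameters that were never negotiated, and the name lookups further down may return NULL for unset algorithms (the rest of the body is outside this hunk, so that is unconfirmed). I would keep the guard, `if (session->internals.initial_negotiation_completed == 0) return NULL;`, together with the removed sentence in the comment. The following hunk also drops the `ENABLE_DHE`/`ENABLE_ANON` guard around the `gnutls_dh_get_prime_bits()` call; if that function is still compiled only under that guard, a build without both options would not link.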
curve_name =
gnutls_ecc_curve_get_name(gnutls_ecc_curve_get
(session));
-#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
} else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK
|| kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
dh_bits = gnutls_dh_get_prime_bits(session);
-#endif
}
kx_str = gnutls_kx_get_name(kx);
/**
* gnutls_session_set_id:
- * @session: is a #gnutls_session_t type.
+ * @session: is a #gnutls_session_t structure.
* @sid: the session identifier
*
* This function sets the session ID to be used in a client hello.
gnutls_session_set_id(gnutls_session_t session, const gnutls_datum_t * sid)
{
if (session->security_parameters.entity == GNUTLS_SERVER ||
- sid->size > GNUTLS_MAX_SESSION_ID_SIZE)
+ sid->size > TLS_MAX_SESSION_ID_SIZE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
memset(&session->internals.resumed_security_parameters, 0,